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Abstract 

Name-passing calculi are foundational models for mobile computing. Research into these models has produced 
a wealth of results ranging from relative expressiveness to programming pragmatics. The diversity of these results 
call for clarification and reorganization. This paper applies a model independent approach to the study of the name¬ 
passing calculi, leading to a uniform treatment and simplification. The technical tools and the results presented in the 
paper form the foundation for a theory of name-passing calculus. 


1 Mobility in Practice and in Theory 


Mobile calculi feature the ability to pass around objects that contain channel names. Higher order CCS Il^l92ll9^l94ll 
for instance, is a calculus with a certain degree of mobility. In a mobile calculus, a process that receives an object 
may well make use of the names which appear in the object to engage in further interactions. It is in this sense that 
the communication topology is dynamic. It was soon realized that the communication mechanism that restricts the 
contents of communications to the channel names gives rise to a simple yet versatile model that is more powerful than 
the process-passing calculi 11791 l80l l82l [STI . This is the 7r-calculus of Milner, Farrow and Walker IbOl . See fTTII for 
a gentle introduction to the model and the history of the name-passing calculus and IfSTl for a broader coverage. A 
seemingly innocent design decision of the 7r-calculus is to admit a uniform treatment of the names. This decision is 
however not supported by the semantics of the mobile calculi. From a process term T one could construct the input 
prefix term 

a{x).T (1) 


and the localization term 


{x)T. 


( 2 ) 


According to the definition of the 7r-calculus, the semantics of x which appears in ([T]l is far different from that of .x in 
(l2]i. In the former x is a name variable, or a dummy name, that can be instantiated by an arbitrary name when the prefix 
engages in an interaction. In the latter x is a local name that can never be confused with another name. The input prefix 
forces the unbound name x in T to be a name variable, whereas the localization operator forces the unbound name x in 
r to be a constant name. This apparent contradiction is behind all the semantic complications of the 7r-calculus. And 
nothing has been gained by these complications. In what follows we take a look at some of the issues caused by the 
confusion. 

To begin with, the standard operational semantics of the ;7r-calculus has not been very smooth. An extremely useful 
command in both practice and theory is the two leg if-statement if ip then S else T. In mobile calculi this can be 
defined by introducing the conditional terms [x=y]7’ and {x+yfF. The semantics of these terms have been defined 
respectively by the match rule 


A 

T —> r' 
[x=x]r r 


(3) 


and the mismatch rule 



[xi^yfT r 


( 4 ) 
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Rule (HI is unusual since it has an unusual side condition. How should we understand the side condition x yl If 
X, y were constant names, the side condition of dUi would be pointless because x ^ y would be evaluated to logical 
truth. The reason that (|4]i is necessary is precisely because x, y cannot be understood as constant names in the uniform 

treatment of the names. The correct reading of (IDl is that “[xi^y]T —> T' is admissible under the logical assumption 
V 4^ y”. It should now be clear that the popular semantics fails to support the following equivalence 

T = [x^y]T + [x4y]T. (5) 

To see this, let = be ~, the strong early bisimilarity of Milner, Farrow and Walker ll60l . According to the definition, 
T ~ {x-yYT + {x4y\r if and only if 7’cr~([x=y]r + {x4y\r)cr for every substitution cr, where ~ is the strong ground 
bisimulation equivalence. If cr is the identity substitution, it boils down to establishing the following equivalence 

T ~ [x^y]T + [x4y]T. (6) 

We may prove (|6ll under the assumption x 4 y. But we cannot prove (|6]l under the assumption x = y since rule (O 
does not allow us to do that. A related mistake is to introduce a boolean evaluation function beval(S) whose inductive 
definition includes the following clauses: 


This would lead to the axioms 


beval{x-y) - ±, 

beval{x4y) T. 


[x^y]T = 0, 

[x4y]T = T, 


which are wrong if observational equivalences are closed under prefix operations. One way to rectify Q is to introduce 
the following 


T' 


X — y. 


(7) 


[x^y]T r 

The rule (|7]i does not completely eradicate the problem. Take for example the following instance of the expansion law 


XX I y(v) = xx.y{v) + y{v).xx + [x-y]T. (8) 

The right hand side of dUl can do a r-action under the assumption x - y. However the operational semantics of the 
TT-calculus does not admit a r-action of the left hand side of (|8]l even if the logical assumption x = y is made. One 
solution to the above problem is to introduce the following rule 


My lx] 

T[ylx} ^ r{ylx} 

A 

T —> r' 


if X = y and bn{A) n {x,y) = 0. 


This rule is necessary because the terms T{ylx], T are distinct in the meta logic. Our scrutiny of the match/mismatch 
semantics takes us to the symbolic approach of Hennessy and Lin ll^ |4^ |4^ l47l l48l l49l . In the symbolic semantics, 

x^y,A 

one has that [x4yYr —> T', meaning that the action is admissible under the logical assumption x 4 y. Similarly one 

x=y,A T,i 

has [x=y]7’ —> T . Notice that this transition is very different from the transition [x=x]r —> T . In the symbolic 

T,/l xi^y,A 

approach the action T —> T' is simulated by the combined effect of [x4yYr —’> T' and [x=y]7’ —> T', not by any 
single action sequence of [x=y]r -H {x4y\r. If we think of it, the symbolic semantics not only provides the correct 
labeled transition semantics upon which we may study the observation theory of the 7r-calculus, but also makes clear 
the problem caused by the confusion of the name variables and the names. 

Secondly the observational theory of mobile processes is made more complex than it is. One well-known phe¬ 
nomenon is that, unlike in CCS ISgllMl, some standard definitions of process equivalence lead to different equality 
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relations. The standard definition of bisimulation gives rise to ground bisimilarity that is not closed under input prefix 
operation. The solution proposed in ll60l is to take the substitution closure. The resulting relation is the early equiva¬ 
lence. If substitution closure is required in every bisimulation step, one obtains Sangiorgi’s open bisimilarity ||8^ . The 
open bisimilarity is strictly finer than the early equivalence, which is in turn much finer than the ground bisimilarity. 
The open bisimilarity can be further improved to quasi open bisimilarity ||8^ . which lies nontrivially between the 
open bisimilarity and the early equivalence. The barbed equivalence can be defined by placing substitution closure at 
the beginning of bisimulations, which gives rise to the equivalence studied by Milner and Sangiorgi llfiTIl . It can also 
be defined by requiring that every bisimulation step should be closed under substitutions of names. It is shown by 
Sangiorgi and Walker ||8^ that the latter coincides with the quasi open bisimilarity. It is easy to see that the barbed 
equivalence is weaker than the early equivalence. It is not yet clear however if it is subsumed by the early equivalence. 
Putting aside the issue of which of these equivalences is more authoritative than the rest, we would like to point out 
that the substitution closure requirement is an algebraic requirement rather than an observational one. From the true 
spirit of the observation theory, an environment can never detect any difference between a(x).bc + bc.a{x) and a{x) \ be, 
since it can never force the distinct names a, b to be equal. This issue of reconciling the inconsistency between the 
observational view and the algebraic view must be addressed to achieve a better theory of the mobile processes. 

The algebraic requirement also makes the testing theory of mobile processes hard to comprehend. In the testing 
theory developed by De Nicola and Hennessy HD, the behaviors of a process are judged by testers. Two processes are 
testing equivalent if no testing can detect any behavioral difference between them. Like the bisimulation approach, the 
testing approach fails to give rise to a reasonable equivalence on the mobile processes. In order to respect the name 
uniformity and obtain a useful equivalence at the same time, the algebraic condition must be imposed. See Q for 
more on this issue. In some sense the substitution closure condition completely defeats the philosophy of the testing 
theory. 

In retrospect, the confusion of the names and the name variables is not out of the desire to model mobility, since 
mobility can be achieved by using the name variables anyway. If channels have a physical existence, computations or 
interactions really should not manipulate channels. What they are supposed to do is to make use of the channels for the 
purpose of interaction. According to this interpretation, all channel names ought to be constant. To model mobility, 
the introduction of a dichotomy between the names and the name variables is not only an obvious choice, it is the only 
choice. The variables are there for mobility. 

In theory of expressiveness, the name dichotomy provides a basis for comparing the relative expressive powers of 
calculi. The straightforward translation from CCS to the 7r-calculus for instance is fully abstract if in the 7r-calculus a 
line is drawn between the names and the name variables. The translation takes the equivalent CCS processes, say a \ b 
and a.b + b.a, to the equivalent 7r-processes a{x) \ b(y) and a(x).b(y) + b(y).a(x). If the names are treated uniformly, the 
target model would have a much stronger process equality than the source model. In such a framework it is not even 
clear if a reasonably good fully abstract translation from CCS to the 7r-calculus exists. Other expressiveness results 
can also be best interpreted using the name dichotomy. Sangiorgi-Thomsen’s encoding of the higher order CCS in the 
TT-calculus is another example. The process variables of the higher order CCS are translated to the name variables of 
the TT-calculus, while the names of the former are the names of the latter. This encoding is shown to be fully abstract 
by Sangiorgi 11791 fSOl . Again if the names of the ;7r-calculus are treated uniformly, the encoding would not even be 
sound. We could give more examples to support the proposition that a dichotomic understanding should be preferred. 
But the point is already made. The names play a universal role in process theory. Without the assumption that all 
names are constant, expressiveness results about process calculi are bound to be chaotic ||64|. 

When applying the mobile calculi to interpret programming phenomena, the name dichotomy has always been 
enforced. It is sufficient to give just one example. An early work was done by Walker 0103111041 . who defined the 
operational semantics of an object oriented language in terms of the operational semantics of the 7r-calculus. The idea 
of the interpretation can be summarized as follows. An object is modeled by a prefix process of the form objn{x).0, 
where objn is the name of the object. A method is interpreted as a replicated process of the form \mthd{z).M, where 
mthd is the method name. The method can be invoked by a process of the form mthd{v).P that supplies the value v to 
the method parameter. Without going into details, it is already obvious that for this interpretation to make sense, it is 
important to maintain a distinction between the names and the name variables. We could give many other applications 
of the mobile calculi. But it suffices to say that in all these applications, there is a clear cut distinction between the 
names and the name variables. 
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The above discussions lead to the conclusion that, for both theoretical and practical reasons, the ;7r-calculus should 
be defined using the name dichotomy. The dichotomy has been introduced in literature using type systems. If one 
thinks of the type of a channel name as defining the interface property of the channel, then the type theoretical solution 
does not seem appropriate since the difference between a name and a name variable is not about interface property. It 
is our view that the issue should be treated at a more fundamental level. 

This is both a survey paper and research paper. Since we adopt a new uniform and simplified presentation of the 
TT-calculus, there are technical contributions throughout the paper. In view of the huge literature on the ;7r-calculus ll87l . 
it is a daunting task to give an overall account of the various aspects of the model. Our strategy in this paper is to 
present the foundational core of the 7r-calculus, covering the observational theory, the algebraic theory and the relative 
expressiveness. The novelty of our treatment is that, by applying a model independent approach throughout the paper, 
a great deal of simplification and unification are achieved. Our effort can be summarized as follows; 

• We show that a concise operational semantics of tt is available. 

• We demonstrate that the observational theory of n is far less diverse than it has been perceived. 

• We point out that the algebraic theory of tt is simpler than has been suggested. 

The above claims are supported by the following technical contributions: 

• A general model independent process equality, the absolute equality, is applied to the ;7r-calculus. It is proved 
that the well known bisimulation equivalences of the 7r-calculus, mentioned in this introduction, either coincide 
with a weak version of the absolute equality or can be safely ignored. 

• A model independent equivalence, the box equality, is defined and applied to the 7r-calculus. It is demonstrated 
that this new equivalence coincides with the well known rectification of the testing equivalence in the 7r-calculus. 

• Two complete proof systems for the set of the finite ;7r-processes are presented, one for the absolute equality, the 
other for the box equality. 

The model independent theory of process calculi is systematically developed in Il27l . In particular the absolute 
equality and the subbisimilarity used in this paper are taken from ED. It should be pointed out however that the 
present paper has been made self-contained. 

Most of the lemmas are stated without proof. A well-informed reader would have no problem in supplying the 
proof details. 

The rest of the paper is organized into five sections. Section |2] defines our version of the 7r-calculus. Section [3 
studies the model independent observation theory of the 7r-calculus. Section|4]discusses the relative expressiveness of 
some well known variants of the 7r-calculus. Section|3presents a uniform account of the proof systems for the finite 
TT-processes. Section |6]points out how a theory of the 7r-calculus can be developed using the framework set up in this 
paper. 


2 Pi Calculus 

We assume that there is an infinite countable set N of names, an infinite countable set of name variables. These sets 
will be ranged over by different lower case letters. Throughout the paper the following conventions will be enforced; 

• The set N is ranged over by a, b, c, d, e, /, g, h. 

• The set Nv is ranged over by u, v, w, x, y, z. 

• The set N U Ny is ranged over by /, m, n, o, p, q. 

A name variable acts as a place holder that need be substantiated by a name. By its very nature, a name variable cannot 
be used as a channel for interaction. Similarly it cannot be used as a message passed around in a communication. 
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2.1 Process 


To give a structural definition of processes, we need to introduce terms. The set T of n-terms is inductively generated 
by the following BNF: 

S,T 0 I 2 n{x).Ti \ ^ mm.Ti | 5 | T | (c)7’ | [p^q]T \ [p^q]T \ \n.T, 

iel iel 

where / is a hnite nonempty indexing set and 


TT := n(x) I nm. 


Here n(x) is an input prefix and Jim an output prefix. The nil process 0 cannot do anything in any environment. For 
each i < n, the component n{x).Ti is a summand of the input choice term where the name variable x is 

bound. A name variable is free if it is not bound. Similarly the component Jimi.Ti is a summand of the output choice 
term Yiieinmi.Ti. Notice that input and output choices are syntactically simpler than the separated choices WT\ . The 
term T | T' is a concurrent composition. The restriction (c)T is in localization form, where the name c is local. A name 
is global if it is not local. The following functions will be used. 

• gn(-) returns the set of the global names. 

• /«(_) returns the set of the local names. 

• n(_) returns the set of the names. 

• /v(_) returns the set of the free name variables. 

• hv(_) returns the set of the bound name variables. 

• v(_) returns the set of the name variables. 

The guard {p-q} is a match and {pi^q} a mismatch. The term \n.T is a guarded replication and “!’ a replication 
operator. The guarded replication is equivalent to the general replication of the form \T. The transformation from the 
general replication to the guarded replication makes use of an auxiliary function (_)'^ dehned on the replication free 
terms. The structural dehnition is as follows. 


(oy 

def 

0, 

{n.Tf 

def 

7r.(Fc|r), 

(Ti 1 T2y 

def 


((a)Ty 

d_e^f 

(a)Tf 

([p^q]Ty 

def 

[p^q]Ty 

([p*q]Ty 

def 

[p*q]Ty 


If neither c nor z is in T, we may dehne ([Tf by the process (c)(cc | cc \ !c(z).T‘^). It is clear that there would be no loss 
of expressive power if guarded replication is further restrained to the form \p(x).T or I'pq.T. 

A finite 7r-term is one that does not contain any replication operator. A 7r-term is open if it contains free name 
variables; it is closed otherwise. A closed 7r-term is also called a n-process. We write P for the set of the 7r-processes, 
ranged over by L, M, N, O, P, Q. Some derived prehx operators are dehned as follows. 


n(c).T 

def 


def 

n.T 



def 

n.T 

= 

t.T 

def 



{cfnc.T, 

n(z).T for some z i fv(T), 
Ji{c).T for some c i gn{T), 
(c)(c.T I c) for some c i gn(T). 
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Furthermore we introduce the following polyadic prefixes: 

def 

n{x\,...,Xn).T - n{z).z{x\).-■ ■ .z{x„).T for some z ^/vCF), 

_ def _ _ _ 

n{pi,...,p„}.T — n(c).cpi. ■ ■ ■ .cp„.T for some c ( gn(T), 

where « > 1. These two derived operators make it clear how to simulate the polyadic ;7r-calculus ll59l in the (monadic) 
TT-calculus. 

Both bound name variables and local names are subject to a-conversion. Throughout the paper, it is assumed 
that a-conversion is applied whenever it is necessary to avoid confusion. This will be called the a-convention. In for 
example the structural composition rule to be defined later, the side conditions are redundant in the presence of the 
a-convention. 

A condition, denoted by 0, cp, if/, is a finite concatenation of matches and/or mismatches. The concatenation of zero 
match/mismatch is denoted by T, and its negation is denoted by ±. We identify syntactically (T)T with T and (±)T 
with 0. If 'F is the finite name set {ni,..., n,), the notation [pi'T]T stands for {pi^n\\... {pi^ni\T. 

A renaming is a partial injective map a : N ^ N whose domain of definition dom{a) is finite. A substitution 
is a partial map cr : Nv ^ N ft Nv whose domain of definition dom{cr) is finite. An assignment is a partial map 
p : Nv ^ N that associates a name to a name variable in the domain of p. It is convenient to extend the definition 
of an assignment p by declaring p{a) - a for all a e N. Renaming, substitution and assignment are used in postfix. 
We often write {nifxi,..., njfxi} for a substitution, and similar notation is used for renaming. The notation p{x a] 
stands for the assignment that differs from p only in that p{x a] always maps x onto a whereas p{x) might be 
different from a or undefined. Whenever we write p{x) we always assume that p is defined on x. 

An assignment p satisfies a condition denoted by p |= i/f, if p(m) = p(n) for every {m-n} in if/, and p{m)+p{n) 
for every {mi^n} in if/. We write p |= i/r ^ 0 to mean that p |= 0 whenever p if/, and p |= i/f o 0 if both p if/ ^ (p 
and p (f) ^ if/. We say that if/ is valid, notation |= if/ (or simply if/), if p if/ for every assignment p. A useful valid 
condition is the following. 

{xiT) V \y (x-n), (9) 

neT 

where F is a finite subset of TV U TV,. Given a condition ip, we write ip~ and ip* respectively for the condition 
/\{m-n \m,n e n{ip) U v{ip) and ip ^ m-n] and the condition f\\m+n \ m,n e n(ip) U v(i,C!) and 1= ^ ^ m+n). 


2.2 Semantics 


The semantics is defined by a labeled transition system structurally generated by a set of rules. The set X of labels for 
TT-terms, ranged over by {, is 

[ab, db, d(c) \ a,b,c € TV) 


where ab, db, d(c) denote respectively an input action, an output action and a bound output action. The set X* of the 
finite strings of X. is ranged over by £*. The empty string is denoted by e. The set = X U (t) of actions is ranged 
over by A and its decorated versions. The set .XI* of the finite strings of XI is ranged over by A*. With the help of the 
action set, we can define the operational semantics of the ;7r-calculus by the following labeled transition system. 


Action 


Composition 


Localization 


Y,ieiaix).Ti —> Tiicfx] 


i e I 


Yjie/aCi.Ti Ti 


i e I 


r 


s\T ^s\r 


^ cib ^ ab 

s ^ S' T — > r 
s\T -Us'\r 


aic) 

S' T T' 


S\T ^ ic)iS'\T') 


r 


r 


aic) 

(c)T —4 r 


{c)T (c)r 


c i n(A) 
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Condition 


Replication 


r 


[a-a]T 


r 


\ab.T T I mb.T 


r 


[a+b]T r 


ah 


\a(x).T —> T{b/x] \ \a{x).T 


The first composition rule takes care of the structural property. The second and the third define interactions. Their 
symmetric versions have been omitted. Particular attention should be paid to the action rules. An input action may 
receive a name from another term. It is not supposed to accept a name variable. This is because an output action 
is allowed to release a name, not a name variable. To go along with this semantics of interaction, the rule for the 
mismatch operator is defined accordingly. Since distinct names are different constant names, the condition a+b is 

equivalent to T. The transition [x+c]db.T T for instance is not admitted since the name variable x needs to be 
instantiated before the mismatch can be evaluated. One advantage of this semantics is the validity of the following 
lemma. 

A 

Lemma 1. The following statements are valid whenever S —> T. 

1. S a —> T afar every renaming a. 


2. So-- 


Tcr far every substitution cr. 


3. Sp —> Tpfar every assignment p. 

The operational semantics of a process calculus draws a sharp line between internal actions (r-actions) and external 
actions (non-r-actions). From the point of view of interaction, the former is unobservable and the latter is observable. 
A complete internal action sequence of a process P is either an infinite r-action sequence 


or a finite r-action sequence P —» Pi —> ... —> P„, where P„ cannot perform any r-action. A process P is divergent 
if it has an infinite internal action sequence; it is terminating otherwise. 

In the ;7r-calculus with the uniform treatment of names, ifjhen.else- command is defined with the help of the 
unguarded choice operator. A nice thing about the present semantics is that one may define ifjhen.else- command in 
the following manner. 


if m—n then S else T — [m—n]S \ [m^n]T. 

The idea can be generalized. Suppose {^, )i<,<„ is a finite collection of disjoint conditions, meaning that |= A ^ ± 
for all i, j < n such that i + j. The conditional choice ipfai is defined in the following fashion. 

YjViTi “ ^iTil ... (10) 

In practice most choice operations are actually conditional choices IfTSl . Another form of choice is the so-called 
internal choice, defined as follows; 

Y^if/iT.Ti ic)(i//ic.Ti\ ... \i//„c.T„\c), (11) 

!</<« 

where {i/',)i<,<„ is a collection of conditions and c appears in none of Ti,... ,T„. 

In Il2^ it is shown that the replication, the fixpoint operation and the parametric definition are equivalent in the 
TT-calculus, as long as all the choices are guarded. The fixpoint operator plays an indispensable role in proof systems 
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for regular processes. The parametric definition is strictly more powerful in some variants of the 7r-calculus. Proof 
systems for regular 7r-processes will not be a major concern of this paper. In all the qualihed name-passing calculi 
studied in the present paper the parametric dehnition is equivalent to the replicator. We shall therefore ignore both the 
hxpoint and the parametric dehnition in the rest of the paper. 

Some more notation and terminology need be dehned. Given an action A, we may dehne A as follows: 


db. 

II 

ab. 

II 

ab. 

II 

T, 

II 


The notation £ should be understood accordingly. We shall write _ for a hnite sequence of something of same kind. 
For example a hnite sequence of the names ci,..., c„ can be abbreviated to F. Let be the rehexive and transitive 

T A A A 

closure of —>. We write —> for the syntactic equality = if A - t and for —> otherwise. The notation stands for 

—»=>. If /I* - Ai ... A„, we write P if P Pi ... for some Pi,..., P„. If P P', we say that P' 

is a descendant of P. Notice that Pisa descendant of itself. 

In sequel a relation always means a binary relation on the processes of the 7r-calculus or one of its variants. If P. is 
a relation, "P ' is the reverse of ‘P and P'RQ for membership assertion. If 'R' is another relation, the composition "P; R' 
is the relation {(P, Q) \ 3L.PRL A LR'Q], 


2.3 Variants 

A number of ‘subcalculi’ of n have been studied. These variants are obtained by omitting some operators. They can 
also be obtained by restricting the use of the received names, or the use of continuation, or the forms of prehx etc.. In 
this section we give a brief summary of some of the variants. Our dehnitions of the variants are slightly different from 
the popular ones, since we attempt to give a systematic classihcation of the 7r-variants. 

The guarded choice is a useful operator in encoding. It is also a basic operator in proof systems. The independence 
of the choice operator from the other operators of the 7r-calculus is established in for example IIFTI l28l . A lot of 
programming can be carried out in the ;7r-calculus using prefix terms rather than the guarded choice terms 01031ll04ll . 
We will write for the subcalculus of n obtained by replacing the guarded choice terms by the prehx terms of the 
form n.T. In many aspects n'~ is just as good as tt. It is for example complete in the sense that one may embed the 
recursion theory llTSll in ji~. See ll27l for detail. The calculus can be further slimmed down by removing the match 
and the mismatch operators. We shall call it the minimal n-calculus and shall denote it by It is conjectured that 
TT^ is considerably weaker than tt . The intuition behind the conjecture is that the if-command cannot be faithfully 
encoded in . 

Some of the syntactical simplihcations of the 7r-calculus have been studied in literature. Here are some of them: 

• Merro and Sangiorgi’s local ;7r-calculus forbids the use of a received name as an input channel ll5^ l5^ . The 
word ‘local’ refers to the fact that a receiving party may only use a received local name to call upon subroutines 
delivered by the sending party. The calculus can be seen as a theoretical foundation of the concurrent and 
distributed languages like Piet and Join ll22ll . The local variants we introduce in this paper are obtained 
from the 7r-calculus by restricting the use of the received names. A received name may be used as an output 
channel or an input channel. It may also appear in the object position. This suggests the following three variants. 
In the grammar for prefix is 


In TT^ the syntax of prehx is 


and in tt^ it is 


7T a(x) I nm. 


n n(x) \ am, 


n n(x) I nc. 
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In 7T^ only control information may be communicated, data information may not be passed around. A piece of 
control information may be sent once, it may not be resent. 

Other well known variants are syntactical simplifications of tt . Let’s see a couple of them. 

• The TT-process \a{x).T can be seen as a method that can be invoked by a process of the form ac.S. This object 
oriented programming style is typical of the name-passing calculi. The object may invoke the method several 
times. It follows that the method must be perpetually available. The minimal modification of n that embodies 
this idea is Tr'^-calculus with following grammar; 

S,T := 0 I nm.T | 5 | T | ic)T \ [p^q]T \ [pi^q]T \ \n{x).T. 

The superscript O refers to the fact that Tr'^-calculus has only proper output prefix; it also reminds of the object 
oriented programming style. The dual of Tr'^-calculus, Tr^-calculus, is defined by the following grammar. 

S,T := 0 I n(x).T | 5 | T | (c)T \ [p^q\T \ [pi^q\T \ \nm.T. 

The relationship between n' and tt® is intriguing. There is a straightforward encoding [J' from the former to 
the latter defined as follows: 

Hpf 

Mx).Tf = n(c)Mx)JTf, 

c\pf 

l\nm.Tf = ln(x).Jm.lTf. 

The soundness of this encoding is unknown. Both and have too weak control power to be considered as 
proper models. In for example, a name cannot be used to input two ordered pieces of information since a 
sending party would get confused. There is no way to define for example a polyadic prefix term like a(x,y).T. 
We shall not consider these two variants in the rest of the paper. 

• Honda and Tokoro’s object calculus HTl 1421 l43l and Boudol’s asynchronous 7r-calculus ifT^ are based on the 
idea that an output prefix with a continuation does not interact with any environment. Instead it evolves into a 
process representing the continuation and an atomic output process whose sole function is to send a name to an 
environment. This is captured by the following transitions. 

ac.T —> ac\T, (12) 

ac\a(x).T —> 0|r{c/r). (13) 

(fOl) is absolutely necessary, whereas (O can be avoided in view of the fact that ac.T must be equal to ac \ T. 
Moreover if we think asynchronously the replication, match and mismatch operators should not apply to the 
processes of the form rim. This explains the following grammar of 

S,T := 0 I nm I ^ ifnmix).! | 5 | T | (c)T \ \n(x).T, 

iel 

where i/r is a finite sequence of match/mismatch operations. The standard prefix operators can be mimicked in 
71^ in the following way lfT2l : 


p(u).(d)(lM\d(x).lSJ), (14) 

(c)(:pc\c{v).(vq\m))- (15) 

This encoding of the output prefix is however not very robust from the observational point of view. In fact IflTlI 
have proved that no encodings of the output prefix exist that preserve must equivalence. If divergence is not seen 
as an important issue, then there are interesting encodings into the asynchronous ;7r-calculus as shown in 1^ 
and in ll6^ . The asynchronous calculi have a very different flavor from the synchronous calculi. We will not 
discuss tT' in the rest of the paper. But see ||25]| for an alternative approach to the asynchronous process calculi. 


Ip(x).51 “ 
Ipq-n “ 


9 


• A more distant relative is Sangiorgi’s private n-calculus El, initially called ;7r/-calculus ll82ll . The grammar of 
7T^ differs from that of n in the definition of prefix. In it is given by the following BNF. 

TT ;= n{x) I n(c). 

Unlike all the above variants, the Tr^-calculus has a different action set than the 7r-calculus. There are no free 
output actions. One has typically that 


a(x).S I a{c).T —> (c)(5 {cjx] \ T). 

In ji’’ the name emitted by an output action is always local. It is worth remarking that this particular Tr^-calculus 
is not equivalent to the version in which replications are abolished in favor of parametric definitions ll82l l28l . 
It is interesting to compare Tr^-calculus with rr'^-calculus. In both models the messages communicated at run 
time are foreordained at compile time. The difference is that in Tr^-calculus only local messages can be released, 
whereas in -calculus global messages may also be transmitted. Despite the results established in IQ, the 
variant n‘‘ appears much less expressive than . For one thing the match and mismatch operators in n‘‘ are 
redundant. So it is more precise to say that is a variant of Since has a different action set than we 
shall not discuss it in this paper. 

One may combine the restrictions introduced in the above variants to produce even more restricted ‘subcalculi’. 
Some of these ‘subcalculi’ can be rejected right away. For example the variant in which the received names can only 
be used as data is equivalent to CCS. Another counter example is the variant in which both the input capability and the 
output capability are perpetual. This calculus is not very useful since no computations in this model ever terminate. 
It simply does not make sense to talk about Turing completeness for this particular calculus. Metro and Sangiorgi’s 
local TT-calculus is the asynchronous version of without the match/mismatch operators. In [Thl the authors 
look at some asynchronous versions of and . Their work puts more emphasis on the perpetual availability of the 
input/output actions. 

A crucial question can be asked about each of the variants: which are complete? At the moment we know that 
TT,7r^,7r*,7r‘^,7r^ are complete. See ll27l for a formal definition of completeness and II 1051 for additional discussions 
and proofs. 

3 Equality 

The starting point of observational theory is to do with the definition of process equality. It was realized from the very 
beginning ll54l[84l that the equalities for processes ought to be observational since it is the effects that processes have 
in environments that really matter. Different application platforms may demand different observing powers, giving rise 
to different process equalities. This interactive viewpoint lf58l lies at the heart of the theory of equality. In a distributed 
environment for example, a process is subject to perpetual interventions from a potentially unbounded number of 
observers in an interleaving manner. Here the right equivalences are bisimulation equivalences. In a one shot testing 
scenario, equivalent processes are indistinguishable by any single tester in an exclusive fashion. It is nobody’s business 
what the equivalent processes would turn into after a test. This is the testing equivalence. In this section we take a 
look at both the bisimulation approach and the testing approach. 

3.1 Absolute Equality 

A reasonable criterion for equality of self evolving objects is the famous bisimulation property of Milner ||5^ and 
Park 161. 

Definition 2. A relation 'R is a weak bisimulation if the following statements are valid. 

1. If —> P' then Q Q'R^^P' for some Q'. 

2. IfPRQ —> Q' then P P'RQ' for some P'. 
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The bisimulation property captures the intuition that an equivalence for self evolving objects should be maintain¬ 
able by the equivalent objects themselves when left alone. It is no good if two self evolving objects were equivalent 
one minute ago and will have to evolve into inequivalent objects one minute later. Bisimulation is about self evolving 
activities, not about interactive activities. What more can be said about self evolution? An evolution path may expe¬ 
rience a series of state changes. At any particular time of the evolution, the process may turn into an equivalent state, 
and it may also move to an inequivalent state. Inequivalent states generally exert different effects on environments, 
while equivalent states always have the same interactive behaviors. Definition|2]can be criticized in that it overlooks 
the important difference between these two kinds of state transitions. The rectification of Definition |2 is achieved 
in MlOll by the branching bisimulation. The following particular formulation is given by Baeten ||4l. 

Definition 3. A binary relation K is a bisimulation if it validates the following bisimulation property. 

1. If Qfir^P —> P' then one of the following statements is valid. 

(a) Q => Q' for some Q' such that Q"R^^P and Q"Rr^P'. 

(b) Q => Q'"R^^P for some Q" such that Q" —> Q"R^^P' for some Q'. 

2. If PRQ —» Q' then one of the following statements is valid. 

(a) P => P' for some P' such that P'HQ and P"RQ'. 

(b) P P'''RQ for some P" such that P" —> P'^iQ' for some P'. 

Since we take the branching bisimulations as the bisimulations, we leave out the adjective. 

A process not only evolves on its own, it also interacts with other processes. A plain criterion for the equalities of 
interacting objects is that an equality between two objects should be maintainable no matter how environments may 
interact with them. It is extremely important to get it right what an environment can and cannot do. In a distributed 
scenario, an environment may interact with a process placed in the regional network. An environment is not capable of 
grabbing a running process and reprogram it as it were. So it would not be appropriate to admit, say a{x).{_{xla] \ O), 
as an environment. 

Definition 4. An environment is a process of the form (c)(_| O) with the specified hole indicated by 

A prerequisite for two processes P, Q to be observationally equivalent is that no environment can tell them apart. 
But saying that the environment (c)(_ | O) cannot observe any difference between P and Q is nothing but saying that 

(c)(P I O) and (c)(Q \ O) are observationally equivalent. Hence the next definition. 

Definition 5. A relation P. is extensional if the following statements are valid. 

1. IfLfRM and PPQ then {L\P)'R{M\ Q). 

2. If PPQ then (c)P P {c)Q. 

I 

Process equivalences are observational. A process P is observable, written Pjj, if P —> P' for some P'. It is 

t 

unobservable, written Pjf, if it is not observable. Occasionally we write PJjf for 3P .P —» P and similarly Pi{ 

e 

for 3P'.P —> P'. It should be apparent that two equivalent processes must be both observable or both unobservable. 

Definition 6. A relation P is equipollent ifPil <=> Qli. whenever PPQ. 

Equipollence is the weakest condition that an observational equivalence has to satisfy. Now suppose P and Q are 
observationally inequivalent. If we ignore the issue of divergence, then there must exist some I such that PJjf and for 
all {' such that QJIr-, the actions I and P exert different effects on some environment (c)(_| O). As we mentioned just 
now, what this means is that (c)iP \ O) and (c){Q \ O) are observationally inequivalent. So we may repeat the argument 
for (c)iP I O) and (c)iQ \ O). But if the calculus is strong enough, say it is complete, then the inequivalence eventually 
boils down to the fact that one delivers a result at some name and the other fails to do so at any name. Notice that the 
localization operator plays a crucial role in this argument. 
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The theory of process calculus has been criticized for not paying enough attention to the issue of divergence. This 
criticism is more or less to the point. If the theory of process calculus is meant to be an extension of the theory of 
computation, a divergent computation must be treated in a different way than a terminating computation. How should 
we formulate the requirement that process equivalences should be divergence respecting. A property that is not only 
divergence preserving but also consistent with the idea of bisimulation is codivergence. 

Definition 7. A relation is codivergent ifP'RQ implies the following property. 

1. If Q —> Qi —> ■ ■ ■ —> Qn —> ■ ■ ■ is an infinite internal action sequence, then there must be some k > \ and 
P' such that P P' P. Qk. 

2. If P —> Pi —> ■ ■ ■ —> Pn —> ■ ■ ■ is an infinite internal action sequence, then there must be some k > \ and 
O' such that Q => Q' * P^. 

Using the codivergence condition, one may define an equivalence that is advocated in Il27l as the equality for 
process calculi. 

Definition 8. The absolute equality = is the largest relation such that the following statements are valid. 

1. It is reflexive. 

2. It is equipollent, extensional, codivergent and bisimilar. 

Alternatively we could define the absolute equality as the largest equipollent codivergent bisimulation that is closed 
under the environments. 

The virtue of Definition [8] is that it is completely model independent, as long as we take the view that the com¬ 
position operator and the localization operator are present in all process calculi. From the point of interaction, there 
cannot be any argument against equipollence and extensionality. From the point of view of computation, there is no 
question about codivergence and bisimulation. The only doubt one may raise is if Definition |8] is strong enough. We 
shall demonstrate in this paper that as far as the 7r-calculus is concerned, the absolute equality is the most appropriate 
equivalence relation. 

This is the right place to state an extremely useful technical lemma ll23l . the Bisimulation Lemma. Although 
worded for =, Bisimulation Lemma, called X-property by De Nicola, Montanari and Vaandrager ll20l . is actually valid 
for all the observational equivalences. 

Lemma 9. If P Q and Q P, then P - Q. 

A distinguished property about the absolute equality is stated in the next lemma. It is discovered by van Glabbeek 
and Weijland IIIOII for the branching bisimilarity. 

Lemma 10. IfPo —> Pi —> ... —> = Pq then Pq — Pi - ... - P^. 

A consequence of Lemma 1 101 is that if P = Q —> Q', then any simulation P —> P\ —> ... —> —> P' 

of Q —> Q' by P must satisfy the property that P — Pi - ... - P^. This phenomenon motivates the following 
terminologies. 

1. P —> P' is deterministic, notation P ^ P', if P - P'. 

2. P —> P' is nondeterministic, notation P —» P', if P 9^ P'. 

A deterministic internal action can be ignored. A nondeterministic internal action has to be properly simulated. The 
notation stands for the reflexive and transitive closure of —> and —for the transitive closure. We will write P 
to indicate that P P' for no P'. 

Since the absolute equality applies not just to tt and its variants but to all process calculi, the notation could be 
confusing when more than one model is dealt with. To remove the ambiguity, we sometimes write for the absolute 
equality of model M. The same notation will be applied to other process equivalences. In this paper, we write V for 
an arbitrary 7r-variant. 
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3.1.1 External Bisimilarity 

The external bisimilarity requires that all observable actions are explicitly simulated. This is commonly referred to as 
branching bisimilarity if the codivergence is dropped OlOlL 

Definition 11. A codivergent bisimulation ofY is a V-bisimulation if the following statements are valid for every 

1. IfQR-^P -U P' then Q ^ Q" -U Q’^-^P’ and PKQ” for some Q', Q". 

2. IfPHQ Q' then P ^ P” -U P'<RQ' and F'KQfor some F, P”. 

The V-bisimilarity the largest Y-bisimulation. 

V-bisimilarity is a more effective counterpart of the absolute equality =v. The latter provides the intuition, while 
the former offers a tool for establishing equational properties. The proof of following fact is a standard textbook 
application of the bisimulation argument. 

Lemma 12. The equivalence is closed under input choice, output choice, composition, localization, match, mis¬ 
match, and guarded replication. 

An immediate consequence of LemmafT2lis the inclusion described in the following lemma. 

Lemma 13. ^y c -if. 

If the processes of a model has strong enough observing power, then the absolute equality is as strong as the 
external bisimilarity. This is the case for the 7r-calculus. The proof of the following theorem resembles a proof in Il2^ . 

Theorem 14. The n-bisimilarity coincides with the absolute equality 

Proof. In view of LemmafTJl we only have to prove c Let P. be the relation 


f 

(ci,. 

. , C„)(^Ci 1 . 

• 1 1 

P)^n 1 

\(P,Q) 

(ci,. 

. , C„)(^Ci 1 . 

• 1 1 

0), 

1 

{fll,. 

. ,a„) r\gn{P 

10 = 0, 

n > 0 j 


To appreciate the relation notice that {c'c"){a'c' \ a"c" \ P) (c)(a'c | a"c | Q) for all P, Q such that {a', a''}r\gn(P \ Q) = 
0. We prove that Ti is an external bisimulation up to ~, where ~ is defined in Section [3. 1.21 Now suppose A B 
where 

dcf 

A - {c\,...,Cn){a\C\ \ ...\anC„\P), 

def _ _ 

B = (ci,...,c„)(aici I ... |a„c„|0, 

I 

such that {«!,..., a„) n gn{P \Q) and n > 0. Consider an action P —> P' of P. There are four cases. 

\. i — ab. Let C be al? + ac.d for some fresh name c. By equipollence and extensionality, A \ C —> A' \ 0 must be 
matched up by B | C ^ B" \ C —^ B' \ 0 for some B', B". Since B" \ C —^ B' \ 0 must be a change of state, it 

must be the case that A | C B" | C. It follows easily from Bisimulation Lemma that B B" —> B' A'. 
Clearly 


A' = (ci,...,c„)(^ci I ... |^c„|B'), 

B' = (ci,...,c„)(^ci| ... |a;;c„|0), 

B" = (ci,...,c„)(^ci| ... |a;;c„|g"), 

for some P', Q', Q". It follows from B B" B' that Q ^ Q" Q'. Moreover PHQ" and P"RQ' by 
definition. 
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2. ( - ab for some b i {ci,..., c„). Let c, d be fresh and let D be defined by D = a(x).[x-b]c + a(x).d. Now 
A I D —> A' I [b-b]c must be simulated by 

B\D^ B”\D-^ B’\ [b=b]c. 

The rest of the argument is the same as in the previous case. 

3. { - a(b) and b i {ci,..., c„}. Let E be the following process 

a(x).[x i gn(P I 0]a„+ix + a(x).d, 
where d, a„+i are fresh. The rest of the argument is similar. 

4. f - dci for some / e {1,..., n). Let F be the process 

a(x).ai(y).[x^y]a'.y + a(x).d, 

where d, a'- are fresh. The rest of the argument is again similar. 

Additionally we need to consider the external actions of P, Q that communicate through one of the names ci,..., c„. 
There are seven cases. In each case we are content with defining an environment that forces external bisimulation. 

Cib 

1. P —^ P\ Let H be the following process 

ai(z).(zb.a'.z + zd) 

for some fresh d, a'. 

CjCj 

2. P —> P' such that i + j. Let I be the following process 

ai(z).aj(y).(zy.(a'jy I a'.z) + zd) 

for some fresh d, a’,, a’.. 

' J 

CiCi 

3. P —> P . Let J be the following process 

ai(z).(zz.a'.z + zd) 

for some fresh d, a'-. 

~ih 

4. P —> P . Let K be the following process 

ai{z).{z{x).[x-b]a'.z + z(x).d) 

for some fresh d, a'-. 

q(c) 

5. P —> P\ Let L be the following process 

ai(z).(z(x).[x i gn(P \ 0](a„+ix | a'.z) + z(x).d), 

where d, a„+i,a'. are fresh. 

~iCj 

6. P —> P' such that i + j. Let M be the following process 

ai(z).(z(x).aj(y).[x^y](a'jy \ a'-z) + z{x).d) 

for some fresh d, a'., a'.. 

^ J 
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Figure 1: External Characterization of 


CjC: 

1. P'. 


Let N be the following process 


ai(z).(z(x).[x=z]a'.z + z(x).d) 


for some fresh d, a\. 

We are done. □ 

We remark that the output choice is crucial in the above proof, but the input choice is not really necessary. A 
slightly more complicated proof can be given without using any input choice. At the moment we do not see how the 
theorem can be established without using the output choice. 

The external characterization of the absolute equality for a particular model is an important issue. It has been re¬ 
solved for TT^, TT* in 11051 . It is definitely a technically interesting but probably tricky exercise to remove the remaining 
question marks in Fig.[T] 

Problem 15. What are the answers to the questions raised in Fig. QJ' 

There is a standard way to extend the absolute equality from processes to terms. The following definition is 
well-known. 

Definition 16. Let be a process equivalence. Then S ^ T ifSp “ Tp for every assignment p such that fv(S \ T) c 
domip). 

The equivalence = on ;7r-terms satisfies two crucial equalities. One is 

T ^[x^y]T\[x^y]T. 

The other is 

[x+y]A.T - [x+y]A.[xi^y]T. 

Both equalities explain the role of the name variables. It is the viewpoint 
should validate both (fThl l and (fTTI) . 

3.1.2 Strong Equality and Weak Equality 

The only way to refine the absolute equality in a model independent way is to strengthen the bisimulation property. 
Among all the refinements of Definition[2 the most well known one is Milner and Park’s strong bisimulation 1^15^ . 

Definition 17. A symmetric relation “R is a strong bisimulation ifP —» P"RQ' for some P' whenever PRQ —> Q'. 

It is clear that a strong bisimulation is automatically codivergent. Hence the next definition. 

Definition 18. The strong equality is the largest reflexive, equipollent, extensional, strong bisimulation. 

The strong equality is the same as the strong bisimilarity of Milner 1561. 

Definition 19. A strong bisimulation is an external strong bisimulation if the following statements are valid for every 
£e£. 

1. IfQTF^P —> P' then Q —> Q'Rr^P' for some Q'. 


(16) 

(17) 

of this paper that all process equivalences 
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2. IfPliQ —> Q' then P —> P"RQ' for some P'. 

The external strong bisimilarity ~ is the largest external strong bisimulation. 

One finds a very useful application of the strong equality in the ‘bisimulation up to technique ll85l . The strong 
equality equates all the structurally equivalent processes. Some well known equalities are stated below. 

Lemma 20. The following equalities are valid. 

1. P\Q~P;P\Q-Q\P;P\{Q\R)~{P\Q)\R. 

2. (c)0 ~ 0; (c)(d)P ~ {d){c)P. 

3. {c){P\Q)~P\{c)Qifcign{P). 

4. [a-a]P ~ [a+b]P ~ P; [a4a]P ~ [a-b]P ~ 0. 

5 . \7T.P ~ 7T.P\\7T.P. 

In the other direction we may weaken the absolute equality by relaxing the bisimulation property a la Definition|3 

Definition 21. The weak equality is the largest reflexive, equipollent, extensional, codivergent, weak bisimulation. 

The external characterization of the weak equality is Milner’s weak bisimilarity 15^ enhanced with the codiver¬ 
gence condition. 

Definition 22. A codivergent bisimulation is an external weak bisimulation if the following statements are valid for 
every £ e X,. 

1. IfQfC^P —> P' then Q Q'Rt^P' for some Q'. 

2. IfPRQ —> Q' then P P'RQ' for some P'. 

The external weak bisimilarity ^ is the largest external weak bisimulation. 

The proof of Theorem[T4]can be extended to a proof of the following coincidence result. 

Proposition 23. The equivalences ^ coincide in n^, tC and n. 

The relationships between the strong equality, the absolute equality and the weak equality are stated in the next 
proposition. 

Proposition 24. The inclusions c = c are strict. 

Proof. It is well known that a.(T.hH-T.c) a.(T.h-i-T.c)-i-a.choldsbuta.(T.h-i-T.c) = a.(T.h-i-T.c)H-a.cis not valid. □ 

3.1.3 Remark 

In the theory of bisimulation semantics, the three major contributions are the bisimulation of Milner Il56ll and Park Il69ll . 
the branching bisimulation of van Glabbeek and Weijland 11011 . and the barbed bisimulation of Milner and San- 
giorgi IMl . Despite its nice properties Il20l 19811211 1^. the branching bisimulation is not as widely appreciated as it 
deserves. The absolute equality is introduced in Il27l with three points of view. The first is that bisimulation is a defin¬ 
ing property for the internal actions, it is a derived property for the external actions. This is very much the motivation 
for the barbed bisimulation. The second is that a nondeterministic internal action is very different from a deterministic 
one. The former must be strongly bisimulated, whereas the latter can be weakly bisimulated. This is in our opinion 
the philosophy of the branching bisimulation. The third is that codivergence and bisimulation complement each other. 
Deterministic internal actions are ignorable locally but not globally. The notion of codivergence is formulated by 
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Priese Ga. The correlation of the codivergence property to the bisimulation property is emphasized independently by 
Fu lIZTl and by van Glabbeek, Luttik and Trcka 1 10011 . 

Several other bisimulation based equivalences have been proposed for the 7r-calculus. First of all let’s take a look 
at the first equivalence proposed for the 7r-calculus ll60l . the early equivalence. For the sake of illustration let’s denote 
by i the largest equipollent codivergent weak bisimulation. We say that P, Q are early equivalent, notation P Q, 
if (c)(P I 0)ii(c)(Q I O) for every environment (c)(_ | O). Despite the result in 11791 . it is still an open problem if 
coincides with the weak bisimilarity But the issue is not that important in view of the following incompatibility one 
finds in the definition of ssg. 

• The bisimulation property together with the equipollence property assume that the environments are dynamically 
changing. 

• The closure under the environments in the beginning of the observation says the opposite. 

The so-called late equivalence 11^1721 has also been studied in literature, especially when one constructs proof sys¬ 
tems. The late equivalence is not really an observational equivalence. As long as the one step interactions are atomic 
actions, there is no way to tell apart by a third party the difference between a{x).P + a(x).Q and a{x).P + a(x).Q + 
a{x).([x=d]P + {xi^d\Q). Even if the late equivalence is useful when names are treated uniformly, it is a less attractive 
equivalence when name dichotomy is applied. 

Another well known equivalence for the 7r-calculus is the open bisimilarity lf83]l . The open approach was meant 
to deal with the open 7r-terms head-on. A closely related equivalence is the quasi open bisimilarity ll8^l24l . An open 
bisimulation is a distinction indexed set of relations. In the presence of the name dichotomy, an indexed family of 
relations is no longer necessary. The following is the standard definition of the open bisimilarity iterated in the present 
framework. 

A codivergent bisimulation 7? on 7“ is an open bisimulation if the following statements are valid. 

1. If 5 liT then ScrUTcr for every substitution cr. 

2. If TPr^S S' then T ^ T"R-^S' for some T’. 

3. IfSKT r then S M S"RT' for some S'. 

The open bisimilarity is the largest open bisimulation. 

The relation should be given up. For one thing it fails (fThl l. The term aa for example cannot be simulated by 
[x=y]da I [xi^yjaa. If one tries to correct the above definition, one soon realizes that what one gets is the weak equality. 

3.1.4 Algebraic Property 

This section takes a closer look at the absolute equality on the 7r-terms. The goal is to reduce the proof of an equality 
between 7r-terms to the proof of an equality between 7r-processes. To describe the reductions, we need to fix some 
terminology and notation. We will write c f for the finite subset relationship. If 'F Qf N TVy, then Tc stands for 
T Pi N and Tv for T P Nv. Given such a finite set T, a condition ijj may completely characterize the relationships 
between the elements of T. This intuition is formalized in the next definition. 

Definition 25. Suppose T Qf N LI Ny. We say that a satisfiable condition xjj is complete on T, ifT - n{ifr). Tv - v{^) 
and for every x & Tv and every q e T it holds that either tf/^x-qorij/^x + q. A condition ij/ is complete if it is 
complete on n{ij/) U vif/). 

The defining property of Definition |25] immediately implies the following lemma. 

Lemma 26. Suppose ip is complete on T and nif/) U vif) c T. Then either (p ^ if or ipif/ ±. 

It follows from Lemma |2^ that if both ip, if are complete on T then either ip if or ipif <=> ±. This fact indicates 
that we may apply complete conditions to carry out case analysis when reasoning about term equality. A case analysis 
is based on a complete disjoint partition. 
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Definition 27. Suppose IF £/ ATU TV^. A finite set {i^;),e/ is a complete disjoint partition offi' if the following conditions 
are met. 

1. tpi is complete on 'F for every i 6 I. 

2- Vie/ Vi ^ T. 

3. (pi A pj X/or all i, j such that i + j. 

Given a set 'F Qf N U A/j>, there is always a complete disjoint partition on IF. So one can always apply a partition 
to a ;7r-term. 

Lemma 28. T ~ Yjiei ViT, where {pi]iei is a complete disjoint partition of gn(T) U fv{T). 

Now suppose p is complete on gn{S \ T) U fv{S \ T). Usually it is much easier to prove pS - pT than to prove 
S - T. So there is a strong interest in the result stated next. 

Lemma 29. Let {pi]iei be a complete disjoint partition ofgn(S \ T) U fv{S \ T). Then S — T if and only if piS — piT 
for every i 6 I. 

How can we reduce the equality proof of pS - pT further if p is complete on say {a,b,x,y,z] - gn(S \ T) U 
fv(S I T)1 Suppose p is {x-y}\y-a'\{z=b}. Consider the equality pS - pT. This equality is the same as 

pS{alx,aly,blz} - pT{alx,aly,blz}, 

which can be reduced to S {alx,aly, b/z} - T{alx,aly, b/z). The substitution {alx,aly, b/z} has the property that it 
agrees with the condition x-a A y-a A z-b and its domain set and range set are subsets of {a, b, x, y, z}. Substitutions 
of this kind are very useful when rewriting tt- terms. 

Definition 30. An assignment p agrees with f, and if/ agrees with p, if the following statements are valid. 

1. v{ip) C dom{p). 

2. For each x 6 v(if/) and each a e n{ifi), if/ ^ x — a if and only ifp(x) — a. 

3. For all x,y e v(if/), if/ ^ x — y if and only if p{x) - piy). 

A substitution cr is induced by if/ if it agrees with if/ such that nioj c n{if/), v{aj c v{if/) and dom(oj — v(if/). 

There could be many assignments that agree with if/ and many substitutions that are induced by if/. We shall write 
Ptjj for some assignment that agrees with if/ and cr^ for some substitution that is induced by if/. It should be clear that 
if if/ is complete, then (jf{x) + cr^{y) if and only if if/ ^ x V y if and only if Pf{x) + Pfiy)- The validity of the next 
lemma is obvious. 

Lemma 31. pT ~ pTcr^. 

So we have reduced the proof of 5 = T to the proof of pS cr^ - pT cr^ for some p complete on gn{S \ T) U/v(5 | T). 
Now the match conditions which appear in p are inessential. We may apply the following lemma to remove all the 
match conditions. 

Lemma 32. The following statements are valid. 

1. Ifn i gn(S I T) U fv(S \ T), then {xVn]S — {xVn\T if and only if S — T. 

2. If X i fv(S I T), then {x—n^S — {x—n\T if and only if S — T if and only ^{x+n^S — {x+nfr. 

After Lemmawe may assume that an equality to be proved is of the form d'jrS - dj^T, where IF = gn{S \ T) U 
fv{S I T) and 6f is the conjunction 

l\{x p n \ X e Fv, n & F and x, n are distinct). 

In the last step of the reduction we apply the following result. 
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Lemma 33. 6yrS - dy^T if and only ifSp^^ - Tpg^, where T - gn(S \ T) U fv{S \ T). 


It should be remarked that dy^S - Sy^T is an equality between two open ;7r-terms, whereas S ps^ - T ps^ is an 
equality between two 7r-processes. The proof of Lemma[33]is immediate in view of the following fact. 

Lemma 34. If P - Q then Pa - Qafor every renaming a. 

We conclude that all equality proofs for 7r-terms can be transformed to equality proofs for 7r-processes. 

Lemma l29l Lemma Lemmal^and Lemma [3^ are also valid for 

It is difficult to attribute the above lemmas to the original authors. It would be fair to say that the early researchers 
on the TT-calculus were all aware of the properties described in these lemmas. See for example the work of Parrow and 
Sangiorgi 11721 and Lin Il49l . 

3.2 Testing Equivalence 

The testing equivalence of De Nicola and Hennessy lfT9l[^ is probably the best known nonbisimulation equivalence 
for processes. In the testing approach, one only cares about the result of observation, not the course of observation. To 
define a testing equivalence, one needs to explain what the observers are, how the observers carry out tests, and what 
counts as the result of a test. In the spirit of observation theory, there is not much room for variation. The observers are 
the environments. A test by the observer (c)(_| 6>) on a process P is a complete internal action sequence of (c)(P \ O). 
The result of a test can be either successful or unsuccessful. From the point of view of observation, the success of a 
test can only be indicated by an observable action. The only variations that may arise are concerned with the way the 
successes are reported. 

This subsection serves two purposes. One is to demonstrate that the testing theory for the ;7r-calculus is just as 
simple as that for CCS. The second is to give a model independent characterization of the testing equivalence. In 
Section 13.2.11 and Section 13.2.31 we will use the separated choice to achieve greater observing power. Syntactically 
the separated choice terms are given by 

2n,(x).r, and ^ niniiTj. 
iel iel 

The semantics is defined by the following standard rules: 

- i 6 I -^- i e I 

Y,ieiai(x).Ti Ti{c/x} Ti 

The separated choice operator allows one to define derived terms like t.S + a{x).T. 

3.2.1 May Equivalence and Must Equivalence 

The testing machinery of De Nicola and Hennessy lfT9ll can be summarized as follows. 

• Success is indicated by the special action to. 

• In the presence of to, the observers can be simplified to the environments of the form _ | O. There is no need for 
the localization operator. An observer O is obtained from some process by replacing some occurrences of 0 by 

CO. 

• A test of P by (9 is a complete internal action sequence of P | 6>. 

• A test of P by (9 is DH-successful if at some state of the test, the to action is immediately fireable. It is unsuc¬ 
cessful otherwise. 

• A binary relation 7? on processes satisfies the may predicate if PP.Q implies that, for every observer (9, some 
test of PI (9 is DH-successful if and only if some test of Q | (9 is DH-successful. 

• A binary relation 7? on processes satisfies the must predicate if PP.Q implies that, for every observer (9, all tests 
of PI (9 are DH-successful if and only if all tests of 21 (9 are DH-successful. 
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or 

def 

T.O 



def 

T.o) -1- ab.O"^, 


^ab.e 

def 

T.O) + a(z).([zi^b]T.Lo 

[z=h]T.Or'"*’) 


def 

T.co + a(z).([zef]T.oj 



Figure 2: Trace Observer. 


Using the above terminology, we may define the may equivalence ^may as the largest relation on the 7r-processes 
that satisfies the may predicate, and and the must equivalence ~must, as the largest relation that satisfies the the must 
predicate. Let’s see some illustrating examples. 

• A I !t ssmoy A.. The may equivalence ignores divergence. 

• A I !t iimust A if A is terminating. The must equivalence is discriminating against divergent processes. 

• A I !t ^must B I !t even if A ^must B. It is often said that divergence is catastrophic for must equivalence. 

It is obvious from these examples that ~must is incompatible to both and Milner’s weak bisimilarity, which is 
really undesirable. The may equivalence behaves better. It is well known that is nothing but the so called trace 
equivalence. A proof of this coincidence can be found in lfT9l . 

Lemma 35. P ~may Q if and only if . (P o (Q 

All observational equivalences should subsume the trace equivalence 1951 . For the must equivalence this is true 
only for a set of hereditarily terminating processes. The following definition and lemma are from im. 

Definition 36. A process is strongly convergent if all the descendants of the process are terminating. 

Lemma 37. P ^must Q implies P ^may Q if P,Q are strongly convergent. 

Proof. We start by defining the trace observer generated by some t* 6 £f and some finite subset T of N. The 
structural definition is given in Fig. |2] Notice that the input choice and the output choice are necessary to define the 
trace observer. Without loss of generality assume that P ^^ay Q- Then there must exist some nonempty e Jf 

c\ c\ 

such that P => and -^{Q Let T'' be gn{P \ Q). Obviously P \ Of has an unsuccessful test. Since Q is strongly 

'i 

convergent, it does not induce any infinite computation. It follows that all the tests of Q \ OZ, are successful. □ 

^1 

3.2.2 Remark 

The proceeding section has pinpointed the problems with the must equivalence. Let’s summarize. 

I. Something must be wrong with the fact that Milner’s weak bisimilarity is not a sub-relation of the testing equiv¬ 
alence. Both the weak bisimilarity and the testing equivalence are to blame since neither deals with divergence 
properly. Moreover there is no excuse for ~must^~may- 

11. It is a bit odd to introduce a special symbol a> to indicate success. The action a> introduces an asymmetry 
between testers and testees. In De Nicola and Hennessy’s approach, a testing equivalence is always defined for 
a particular process calculus. The definition may vary from one calculus to another. If the testing equivalence 
is really a fundamental equivalence for processes, there ought to be a model independent definition of the 
equivalence that applies to all calculi. The model independent characterization should be able to provide some 
canonicity for the testing approach. 


20 



There have been several attempts cainiiiiiiioiin] to modify the definition of must equivalence in order to resolve 
issues I and 11, Let’s review some of the proposals. 

I. Brinksma, Rensink and Volger’s should equivalence Gl and Natarajan and Cleaveland’s/a/r testing equiva¬ 
lence ll62]| are two modifications proposed to address issue I. These two variants are essentially defined over the 

(jJ 

same success predicate. A test of R by (9 is FS-successful if Q whenever P \ O Q. A binary relation 
K on processes satisfies fair/should predicate if PP.Q implies that, for every observer O, all tests of P\0 are 
FS-successful if and only if all tests of Q\0 are FS-successful. Let be the largest relation that satisfies this 
predicate. This equivalence stays between Milner’s weak bisimilarity and the trace equivalence. 

II. Boreale, De Nicola and Pugliese address issue II in IfTOlfTTII . Instead of using the special symbol w, they let 
all the observable actions to indicate success. Their version of the fair/should predicate is based on a slightly 

t 

different notion of success. A test of P by (9 is BDP-successful at f if 2 whenever P \ O Q. Notice 
that there is a guarantee at { predicate for every { e Boreale, De Nicola and Pugliese’s equivalence ^bdp is 
the largest reflexive contextual relation satisfying all the guarantee at ( predicates. It is proved in IfTOl that ^bdp 
coincides with a ;ps for the calculus considered in ifTOl . The significance of their approach is that it provides a 
characterization of the must equivalence without resorting to any testing machinery. 

We shall cast more light on ^ps and ^bdp next. 

3.2.3 Testing Equivalence without Testing 

Although the study in IfTOll is carried out for a particular calculus with a particular notion of context, Boreale, De 
Nicola and Pugliese’s approach to testing equivalence is basically model independent. In this section we shall give 
an even more abstract characterization of ^bdp in the style of the absolute equality. We start with a similar abstract 
characterization of the trace equivalence. The proof of the following lemma is essentially given in IfTOll . 

Lemma 38. The equivalence ~may A the largest reflexive, equipollent, extensional relation. 

In view of Lemma[38lwe may introduce the following definition. 

Definition 39. The diamond equality =<> is the largest reflexive, equipollent, extensional relation. 

The diamond equality is about the existence of a successful testing. A logical dual would be about the inevitability 
of successful testings. For the purpose of introducing such a dual, one needs to strengthen the equipollence condition. 

Definition 40. A process P is strongly observable, notation PJJ,, if P% for all P’ such that P P’. A relation P. is 
strongly equipollent ifPHQ ^ (PJJ, <=> gJJ,). 

After Definition |40l the following definition must be expected. 

Definition 41. The box equality =□ is the largest reflexive, strongly equipollent, extensional relation. 

Without further ado, we summarize the properties of by the next theorem. It says that the box equality improves 
upon the testing equivalence as expected. 

Theorem 42. The following statements are valid. 

1. The strict inclusions = Q C hold. 

2. The strict inclusion =□ C holds for the strongly convergent n-processes. 

3. The coincidence of—a and ~must holds for the finite n-processes. 

Proof. (1) The inclusion = £ is valid by definition. The strictness of the inclusion is witnessed by the pair a.b ■¥ a.c, 
a.(T.b ■+■ T.c). The proof of Lemma [J71 can be reiterated to show c The strictness is witnessed by the process 
pair a.{\b \ !c) and a.b.{\b \ !c) H- a.c.(\b \ !c). 

(2) Suppose P ~n Q and P t^must Q for strongly convergent processes P, Q. Assume without loss of generality that 
some observer (9 exists such that P \ O has an unsuccessful test while all the tests of Q\0 are successful. There are 
two cases: 
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• Suppose the failure test of P | (9 is the inhnite tau action sequence 

P\0^ {c,)(Px I Oi)... ^ (q)(P,' I (9,).... (18) 

If O performs an inhnite consecutive tau action sequence in (fTsT l. then it must be the case that P has performed 
only a hnite number of interactions with (9. According to (1), Q must be able to perform the same hnite 
sequence of external actions. But then Q \ O has an inhnite unsuccessful test of the shape (fTsT l. which contradicts 
the assumption. If (9 does not perform any inhnite consecutive tau action sequence in (fTsT l. then the strong 
convergence property guarantees that P must perform an inhnite number of external actions in (fTSl l. It follows 
from the assumption P Q that Q cannot perform the same inhnite number of external actions. It follows 
from the hnite branching property that P Q must hold, contradicting the other assumption. 

• Suppose the failure test of P | is a hnite internal action sequence. Let 9 be a fresh label andl: = gn{P \ Q \ O). 
It is clear that (c)(21 (9{/l/w)) il, but not (c)(P | (9{/i/cu)) JJ,. This is again a contradiction. 

We conclude that c holds for the strongly convergent 7r-processes. The strictness of this inclusion is interest¬ 
ing. Rensink and Vogler llTTl point out that 

a./iX.ia.X + b) + a.fiX.{a.X + c) (19) 

and 

a.nX.(a.{a.X + c) + b) + a.fiX.(a.(a.X + b) + c), (20) 

originally from Q, are testing equivalent. They are not fair/should equivalent. In the terminology of this paper (fT9l l 
and ( l20l l are not box equal. 

(3) We now prove that P ^must Q implies P -n Q for all hnite 7r-processes P, Q. Suppose P ^must Q and P +uQ for 
hnite P and Q. Take T - gn{P \ Q). Without loss of generality, assume that there were cT and (9 such that (c)(P | (9)iJ, 
holds but (c)iQ I (9)iL is not valid. Moreover since P, Q are hnite, we may assume that (9 is hnite. We may even 
assume that O does not contain the composition operator. Let (F)iQ' \ O') be a descendant of (c)(Q \ O) such that the 
followings hold; 

• (^{Q I O) (c')(2' I O') K and (c')(Q' | O') may not perform any r-actions. 

r /I FI 

• There is a sequence €* such that Q Q and O —> (9i O . 

Now construct a new process [[(91 from O. The effect of the function |[_1 on the guarded choice terms can be described 
as follows: 


[[a(.x).5-H a(x).Pl = r.m H-a(x).|[51 H-a(x).|[ri, 

_ _ def _ _ 

^am.S + an.TJ — t.(d + am.^SJ + am.^^TJ. 

The function [J is structural on the other operators. The process |[(91 is further modihed as follows: An observer (9",^ 
is obtained from |[(91 by removing all the components t.o) from the choice operations of [[(91 that lie in the path, as it 
were, beginning at (9i and ending at O'. It is clear that all tests of P j (9",^ are successful, whereas there is at least one 
unsuccessful test of Q \ (9^,^. This contradicts to the assumption P ^„,ust Q- □ 

The counter example given by the processes ([T9l l and (i20l) point out that the box equality is fairer than the testing 
equivalence. If we assume that the nondeterminism of the choice operator is implemented in a fair or probabilistic 
manner, a test of the former by fiX.Ca.X + b.aj) may or may not succeed. But all tests of (i20l l by the tester are successful. 
In the opinion of Rensink and Vogler IfTTl . the fairness assumption is built in the box equality. 

So far all the results in testing theory are model dependent. For example the coincidence between and ^bdp 
cannot be established in a model independent way. This is because to make sense of the fair/should testing one has 
to incorporate the special symbol at into a calculus, which is impossible without knowing the details of the model. 
Similarly the coincidence of ~fs, ~bdp, ~must on the strongly convergent processes is also model specific. For a 
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particular model like the ;7r-calculus one may show that ^bdp is the largest reflexive, strongly equipollent, extensional 
relation. But there is no way to prove the validity of this characterization for all models. Similarly the coincidence 
between ^bdp and can only be proved for individual models. The same remark applies to the trace equivalence. 
There are labeled transition systems for which one might not like to talk about traces at all. An example is a labeled 
transition semantics for a higher order calculus that defines transitions from processes to abstractions or concretions. 

It is in the light of the above discussion that the significance of the diamond equality and the box equality emerge. 
The former provides the universal definition of the trace equivalence, whereas the latter offers the universal definition 
of the testing equivalence. These definitions apply to all models of interaction. For a particular model it is possible to 
give an explicit counterpart of =□ or =^. The explicit versions of and =□ may depend heavily on the details of the 
model. The relationship between and its explicit characterization is like that between the absolute equality and the 
external bisimilarity. 

The outline for a model independent testing theory is now complete. 

3.3 Remark 

The model independent methodology can be applied to analyze dozens of process equivalences defined in literature. 
In particular it can be applied to evaluate the equivalence relations for example in the linear time branching time 
spectrum ||95l . We have confirmed in this paper that the diamond equality is the right generalization of the trace 
equivalence, the bottom of the spectrum. On the top of the spectrum, the absolute equality and the weak equality 
enjoy the model independent characterizations. It would be interesting to take a look at the other equivalences of the 
spectrum from this angle. Some of the equivalences are studied in the strong case. Their generalizations to the weak 
case might not be closed under composition. The model independent approach may help us in searching for the correct 
definitions. Good process equivalences are inedpendent of any particular model. 

It must be pointed out that it is often difficult to come up with an external characterization of an equality defined in 
a model independent manner. Let’s take a look at an interesting example. An explicit characterization of the absolute 
equality for Ti^-calculus is tricky. It is definitely different from tfie popular equivalence widely accepted for tt^. Tfie 
asyncfironous equivalence studied by Honda and Tokoro IHTI . Boudol IfT^ and Amadio, Castellani and Sangiorgi ||2l, 
satisfies tfie following equality, wfiere stands for tfie asyncfironous bisimilarity. 

a(x).ax 0. (21) 

The equality (ISTT i does not hold for the absolute equality since it violates the equipollence condition. Another equality 
validated by the asynchronous equivalence is (l22l i. 

\a(x).ax a(x).ax (22) 

Equality (l22l i is rejected by the absolute equality because ac | la(x).ax is divergent but ac | a(x).ax is not. However the 
following absolute equality holds. 

a(x).ax\a(x).ax-„A a(x).ax (23) 

How should we reconcile the difference between the absolute equality and the asynchronous equivalence? A new 
approach to the asynchronous calculus that gives a satisfactory answer to the question is outlined in ll25l . Asynchrony 
is more of an application issue than a model theoretical issue. 

An important topic that is not discussed in the present paper is the pre-order relations on processes. A pre-order 
can be interpreted as an implementation relation or a refinement relation. Examples of pre-orders are simulation 
and testing order. Notice that the box equality immediately suggests the box order <□ relation, which is the model 
independent counterpart of the testing order. So far the order theory of processes has been basically model specific. 
It should be fruitful to carry out a systematic model independent study on the order relations on the processes. Initial 
efforts have been made in OTI along this line of investigation. 

We conclude this section by remarking that the branching style bisimulation property is what makes the coinci¬ 
dence proofs difficult. External cfiaracterizations of tfie weak equalities of tfie 7r-variants are mucfi easier to come 
by. 
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4 Expressiveness 


How do different variants of the 7r-calculus compare? One fundamental criterion for comparison is relative expressive¬ 
ness. Typical quesitons about expressiveness can be addressed in the following fashion; Is a calculus M as powerful as 
another calculus L? Or are L and M non-comparable in terms of expressiveness? To answer these questions, we need 
a notion of relative expressiveness that does not refer to any particular model. The philosophy developed in IIZTl is that 
the relative expressiveness is the same thing as the process equality. The latter is a relation on one calculus, whereas 
the former is a relation from one calculus to another. To say that M is at least as expressive as L means that for every 
process L in L there is some process M in M such that M is somehow equal to L. It is clear from this statement that 
relative expressiveness must break the symmetry of the absolute equality. Condition (2) of Definition|8]can be safely 
kept when comparing two process calculi. But condition (1) has to be modified. The reader is advised to consult ED 
for the argument why the reflexivity condition for the absolute equality turns into a totality condition and a soundness 
condition. The following definition is taken from im. 

Definition 43. Suppose L, M are two process calculi. A binary relation ^from the set V\, of ^-processes to the set 
Vm ofM.-processes is a subbisimilarity if the following statements are valid. 

1. !R is reflexive from L to M in the sense that the following properties hold. 

(a) % is total, meaning that VL 6 e 'Pm-L'KM. 

(b) is sound, meaning that L 2 %M 2 implies Mi =m M 2 . 

2 . 5R is equipollent, extensional, codivergent and bisimilar. 

We say thatL, is subbisimilar to M, notation L C M, if there is a subbisimilarity from L to M. 

An elementary requirement for the relative expressiveness relationship is transitivity. The subbisimilarity rela¬ 
tionship is well defined in this aspect since its transitivity is apparent from the definition. So we have formalized the 
intuitive notion “M being at least as expressive as L” by “L c M”. We write L c M if L C M and M L, meaning 
that M is strictly more expressive than L. The reader might wonder why the soundness condition of Definition |4^ is 
not strengthened to the full abstraction. The truth is that the soundness condition is equivalent to the full abstraction 
condition as far as Definition |43] is concerned. 

It is shown in lIZTl that in general there are an infinite number of pairwise incompatible subbisimilarities from L to 
M. However for the 7r-variants studied in Il28l there is essentially a unique subbisimilarity between any two of them. It 
is shown in |[27l that a subbisimilarity for these variants is basically a total relation 51 satisfying the following external 
characterization property: 

1. If Q%-^P P’ then Q" -U Q'%-^P' and P%Q" for some Q', Q". 

2. If P%Q -U Q' then P ^ P" -U P’%Q’ and for some P’, P". 

Now consider the self translation [[_]|>< from the 7r-calculus to itself. The nontrivial part of the translation is defined 
as follows; 


|[a(x).ri« = d(c).c(x).lTU 

lab.TJ^ “ a(y).(yb\in^). 

It is structural on the non-prefix terms. Is = a subbisimilarity? The negative answer is proved in 1271 . This is an 
example of a typical phenomenon. Without the soundness condition, many liberal encodings like the above one would 
be admitted. In most cases soundness is the only thing to prove when comparing a syntactical subcalculus against a 
super calculus. 

If the external characterizations of the absolute equality in tti and 7 T 2 are available, then it is often easy to see if 
7Ti C 7T2. Otherwise it might turn out difficult to prove tti c 712 . For example so far we have not been able to confirm 
that 7T^ C C 7r, although the following negative results are easy to derive. 
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Figure 3: Expressiveness Relationship 


Proposition 44. 'k%'k % 

Proof. Using the same idea from lIZTl it is routine to show that the 7r-process a{x).bb + a{x).cc cannot be defined in 7r“ 
and the 7r“-process a(x).[x-c]bb cannot be defined in . □ 

The relative expressiveness between n,7:^,7r^ is settled in 010511 . Fig. 0 shows that they are pairwise incompatible. 
The relative expressiveness of is still unknown. 

Before ending this section, let’s see a positive result. Consider the boolean expressions constructed from the binary 
relation = and the logical operators A, For example = a) A -i(x = b)) is such an expression, which is normally 

abbreviated to x = a V x - b. Fet n'' denote the 7r-calculus with the match and mismatch operators replaced by the 
operator [^](-), where ^ is a boolean expression. 

Proposition 45. n Q Q n. 

Proof. The external bisimilarity and the absolute equality coincide for iif. So tt C is obvious. The proof of the 
converse is equally simple as soon as the encodings of the processes of the form {ip\T become clear. Given any ip, one 
may transform it into a disjunctive normal form Vig/ Vi- applying the equivalence 

\J ipi<^\J ifi A (m = v) V \y ifi ^{u + v), 

iel tel iel 

one gets a complete disjoint partition V jej of V on /v([^]r) U gn{{ipYr). It follows that {ipYP - Wjeji’fjYT holds in 
jf'. Therefore {iffP can be bisimulated by Wjejif j\T. □ 


5 Proof System 

An important issue for a process calculus is to design algorithms for the decidable fragments of the calculus. The 
behavior of a finite term can obviously be examined by a terminating procedure lf56ll . More generally if a term has only 
a finite number of descendants and is finite branching, then there is an algorithm that generates its transition graph BTl , 
which can be seen as the abstract representation of the term. An equivalence checker for the terms now works on the 
transitions graphs. To help transform the terms to their underlying transition graphs, a recursive equational rewrite 
system would be helpful. 

In this section we construct two equational systems of the finite 7r-terms, one for the absolute equality and the other 
for the box equality. Our prime objective is to demonstrate how the name dichotomy simplifies equational reasoning. 


5.1 Normal Form 

To construct an equational system, it is always convenient to introduce a combinator that is capable of describing the 
nondeterministic choices inherent in concurrent systems. This is the general choice operator “+’. The semantics of 
this operator is defined by the following rules. 


S 




r 


S 


+ T 



S +T 


r 
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The choice operation is both commutative and transitive. We will write T\ + ... + Tn or Yjiei Ti, called a summation, 
without further comment. Here Ti is a summand. Occasionally this notation is confused with the one defined in (fTOl l 
or When this happens, the confusions are harmless. Using the unguarded choice operator, one may define for 
example [pe'Fjr by 

^[p=m]r. 

meT 

In general one could define {(p)T for a boolean expression constructed from =, A, It follows that if (p then S else T 
is definable using the general choice operator. The choice operator is a debatable operator since it destroys the con¬ 
gruence property of the absolute equality. In most of the axiomatic treatment of this operator an induced congruence 
relation is introduced. This is avoided in this paper since we see the choice operator not as a proper process operator 
but as an auxiliary one used in the proof systems. 

One criterion for an equational system is if it allows one to reduce every term to some normal form. The exercise 
carried out in Section [3.1.4l suggests the following definitions. 

Definition 46. Let f be gn(T) U fv(T). The n-term T is a normal form on f if it is of the form 

iel 


such that for each i e I one of the followings holds. 

1. If Ai — T then Ti is a normal form on 'T. 

2. If Ai — hm then Ti is a normal form on 

3. If Ai — h(c) then Ti = [ci'FYr': for some normal form T^ onfU {c). 

4. If Ai — n(x) then Ti is of the form 

[xiT]Tf + ^ [x^m]T'f 

such that Tf is a normal form onfU {v) and, for each m e f, x i fv{Tf) and Tf is a normal form on T. 

Definition 47. T is a complete normal form on T if it is of the form 5<rT' for some normal form T' such that 
gniV) U fv(T') QTQfNVJ K- 

5.2 Axiom for Absolute Equality 

The equational system for the absolute equality on the finite 7r-terms is given in Fig. |4] The axioms Cl and C2 are 
computation laws. Notice that C2 implies the following equality 

t.T = t.{T + t.T). 

We write AS S = T if S - T can be derived from the axioms and the rules in Fig. |4] and the equivalence and 
congruence rules. Some derived axioms are summarized in the next lemma. The proofs of these derived axioms can 
be found in for example Il29l . 

Lemma 48. The following propositions are valid. 

1. AS \-T = T + ipT. 

2. AS h ipir.T — (f7T.(fT. 

3. AS h {c){x4c\T — (c)T and {c){x—c\T — 0. 

4. AS h (fiT - ipTcr^p. 
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LI 

(c)0 


0 


L2 

(c)(d)T 


(d)(c)T 


L3 

{c)n.T 


7I.(c)T 

if c ^ n(7r) 

L4 

{c)n.T 


0 

if c = sub jin) 

L5 

(c)pT 


ip{c)T 

ifci n((p) 

L6 

(c)[x^c]T 


0 


L7 

{c){S + T) 


(c)5 + {c)T 


Ml 

{T)T 


T 


M2 

{±)T 


0 


M3 

pT 


fiT 

if tp if 

M4 

[x^p]T 


[x^p]T{plx) 


M5 

{x+p^n.T 


[x4p]7r.[x4p]7’ 

if X ^ bv(7T) f p 

M6 

p{S + T) 


tpS + ipT 


SI 

r + 0 


T 


S2 

S + T 

= 

T +S 


S3 

R + (S +T) 


(R + S) + T 


S4 

T + T 


T 


S5 

T 


[x=p]7’ + [x+p]T 


S6 

n(x).S + n(x).T 


n(x).S +n(x).T + n{x) .{[x-p]S + [x^plT) 

Cl 

A.t.T 


A.T 


C2 

T.{S + T) 


t.{t.{S +T) + T) 



Figure 4: Axioms for Absolute Equality. 


5. AS h A.ifiT.T — A.ipT. 

6. AS h m(x).([xer]T'+[xir]T.T)+Zli m(x).([x^ni]T'+[x^ni]T.T) = m(x).([xer]T'+[xir]T.T)+Zli m(x).([x^ni]T'+ 

[x—ni]T.T) + m(x).T, where 'F - [n\,, rik]. 

Using these derived axioms it is easy to prove the following lemma by structural induction. 

Lemma 49. Suppose T is a finite n-term and tp is complete on a finite set F 3 gn(T)U fv(T). Then AS h tpT - ip~5T' 
for some complete normal form 6T' on gn(6T') U fv(6T'). 

Proof. To start with, A5 pT - <pr(p*T = i/3“(^’‘7’)cr^=. In the second step observe that within A5 we can carry out the 
reductions, explained in Section 13.1.41 to {ip*T)cr^=. Notice that, for each F Qf N U M>, although \xFF] U {x=m}meT 
is not a complete disjoint partition of U {.r), the set {{x&') A 6<r} U A d<r}meT is a complete disjoint partition 

ofFiJ (v). □ 

Suppose we are to prove AS (fS - pT where p is complete on gn{S \ T) U fv{S \ T). According to Lemma l49l we 
only need to prove AS 6S' = 6T' for some complete normal forms 6S', 6T'. In the light of this fact the next lemma 
should play a crucial role in the completeness proof. 

Lemma 50. Suppose S, T are normal forms on the finite set F 3 gn(S \ T) U fv{S \ T). If Sy^S — dj^T then AS h 
dj^T.S - dy-T.r. 

Proof. Assume that S = Yjiei ^i-Si and T = Yjjej and that 6<rS - 6j^T for some F 2 gn{S \ T) U fv{S \ T). Let 
p be an assignment that agrees with by-. We are going to establish by simultaneous induction on the structure of S,T 
the properties stated below. 

(S) If Tp T'p -r> then AS h dyrr.T = 6rr.{T + T') = 6rr.T'. 

(P) IfdrS = 6rT then A5 h drr.S = SrUS + T) = drr.T. 
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Suppose Tp ^ Tip ^ ^ T„p T'p -t*. Lemmal^and Lemma imply that dj^Ti - ... - d-j^Tn - 6f-T'. By 

induction hypothesis on (P), A5 h dy-rTi = ... = 6y^T.T„ - dy-rT'. Therefore 

A5 h 6rT.T = 6rT.(T + r.T'). 

T 

Let ^.j.Tj be a summand of T. Consider how T'p might bisimulate Tp —> Tjp. There are four cases. 

1. Aj - T and Tp —» Tjp. Suppose the r-action is bisimulated by T'p —» T'^ip - Tjp for some T',. Then 6<rT'j, - 
6fTj by Lemma[33]and Lemma[34] It follows from the induction hypothesis on (P) that AS h Sjtt.T'j, = Sjtt.T j. 
Using (2) of Lemma @8] one gets the following inference 

A5 h 6rT.iT + t.T') = 6rT.iT + r.iT' + r.T'.,)) 

= 6rT.iT + r.iT' + r.Tj)). 

If T'p —> Tjp is bisimulated vacuously by T'p. Then 6rTj - 6rT' according to Lemma|^and Lemma[34land 
consequently A5 h 6rT.Tj - dy-T.T' by the induction hypothesis on (P). It follows from C2 that 

AS h 6rT.iT + r.T') = 5rT.iT + r.iT' + r.T')) 

- 5rT.iT + r.iT' + r.Tj)). 


2. Aj - nm and Tp Tjp for some a,b. We can prove as in the next case that AS h 6rT.iT + r.T') - 

6rT.iT + r.iT' + nm.Tj)). 

_ a{c) a{c) 

3. Aj - mic) and Tp —> Tjp for some a. Suppose this action is bisimulated by T'p —> T'yp - Tjp for some T',. 
Then (5y-[c^!F]r', = 6r[ci'F]T: and 

J ■' 

AS h 6r[c(r]r.T'j, = 6r[cir]r.Tj 
by induction hypothesis on (P). Therefore 

AS h 6rmic).[ci'F]T'j, - 6rmic).[ci'F]Tj. 

It follows from (3) of Lemma |48] that 

A5 h 6rT.iT + r.T') = 6rT.iT + r.iT' + mic).Tj)). 

4. Aj - mix). Assume that pirn) - a and gnUS \ T)p) - {bi,..., b„}. Let e ^ be such that = bk if bk & 'F and 
pitik) = bk if bic i F. There are two subcases. 

abk able 

(a) For every k e {1, ..., n), one has Tp —> Tjp{bk/x}. Let this action be bisimulated by T'p —^ Tl^^p{bklx] = 
Tjp\bklx}. Then 

AS h 6r[x^nk]r.T'„^ = 6r[x^nk]r.Tj 
by induction hypothesis on (P). Consequently 

6rT.iT + r.T') = 6rT.iT + r.iT' + mix).T'„^)) 

= 6rT.iT + r.iT' + mix).i[xitnk]r.T'„^ + [x=nk]r.T'„^))) 

= 6rT.iT + r.iT' + mix).i[Xitnk]r.T'„^ + [x^nk]r.Tj))). 

ad 

(b) Suppose Tp —> Tjpidjx), where d iF, i& simulated by 

T'p T^p{d/x} = Tjpidix}. 

Like in the previous subcase, we may prove that 

AS h 6rT.iT + r.T') = 6rT.iT + r.iT' + mix).i[xeF]r.Tx + [xiFjr.Tj))). 
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Putting together the two equalities obtained in (a) and (b), we get the following equational rewriting 
AS h 6yrT.{T + t.T') — 6jrT.{T + t.(T' + m(x).([xe'J^]T.T^ + [xi'Fjr.Tj) 

n 

+ m{x).{{x+nk\T.Tnt + {x^nk\T.Tj))) 

;=i 

= 6rT.{T + t.{T' + m(x).Tj)), 
where the second equality holds by (6) of Lemma l48l 
Using the fact that 6<j^T - we may apply the above argument to every summand of T to derive that 

AS h 6rT.T = 5rT.{T + t.{T' + T)). 

Resorting to the full power of C2 we get from the above equality the following; 

AS h drr.T = 6rT.(T + T'). (24) 

If we examine the proof of (l24l) carefully we realize that it also establishes the following fact; 

AS h 6rT.{T + T') = 


This finishes the inductive proof of (S). 

The inductive proof of (P) is now simpler. Suppose (5y-5 = Let S', T' be such that Sp S'p and 

Tp T'p According to the induction hypothesis of (S), the followings hold. 

AS h SjrT.S - djrT.S', 

AS h drr.T = drr.T'. 

The inductive proof of (S) can be reiterated to show AS h - dy-T.T'. Hence AS h djrr.S = dy-T.r. □ 

It is a small step from LemmalSOlto the completeness result. 

Theorem 51. Suppose S ,T are finite n-terms. Then S —T if and only if AS h t.5 - t.T. 

Proof. Let T be gn(S \ T) U fv(S \ T) and let [ipi]iei be a complete disjoint partition f. Then 5 = T if and only if 
ipiS - (piT for every i e I. For each i e I, ipiS = piT can be turned into an equality of the form (pj((ffS')cr^r = 
(fij{(fifT')(Tg,T. Using Lemmal^and Lemma |4^ this equality can be simplified to 6S” — 6T", where 6S" and 6T" are 
complete normal forms. We are done by applying Lemma |50] □ 

5.3 Axiom for Box Equality 

According to Theorem|42l a proof system for the box equality on the finite ;7r-terms is the same as a proof system for 
the testing equivalence on the finite ;7r-terms. De Nicola and Hennessy llT9ll have constructed an equational system 
for the testing equivalence on the finite CCS processes. Built upon that system, Boreale and De Nicola Q have 
studied the equational system for the testing equivalence on the finite 7r-processes. So there is not much novelty 
about an equational proof system for the box equality on the finite tt- terms. It would be however instructive in the 
present framework to give an outline of the proof technique that reduces the completeness for the box equality to the 
completeness for the absolute equality. 

Since one may devise an equational system for the latter by extending the system given in Fig. |4] The 

additional axioms are given in Fig. |5] These laws are the well known axioms for the testing equivalence of De Nicola 
and Hennessy m adapted to the 7r-calculus. It is well known that they subsume Milner’s r-laws (See Fig. |^. Let 
A5 b be the system A5 \ {Cl, C2) U {Nl,N2,N3,N4}. It is routine to check that ASb is sound for the box equality. To 
prove that the system is also complete, we apply the following strategy. 
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N1 

A.S + A.T 

= A.(t.S + t.T) 

N2 

S +t.T 

= t.(5 +T) + t.T 

N3 

n(x).S + T.(n(x).T + R) 

— T.(n(x).S +n(x).T + R) 

N4 

hl.S +T.(hm.T + R) 

— T.(hl.S + hm.T + R) 


Figure 5: Axioms for Box Equivalence. 


T1 

A.t.T 

= A.T 

T2 

T + t.T 

= t.T 

T3 

4.(5 + t.T) 

= 4.(5 + t.T) + A.T 


Figure 6: Milner’s Tau Laws. 


S =□ r if and only if there exist some S', T' such that ASb ^ S - S', ASb ^ T - T' and S' - T'. 


The soundness of the strategy relies on the fact that ASb is complete for =. To make the strategy work, we need to 
introduce a special set of 7r-terms, different from the complete normal forms, so that the box equality and the absolute 
equality coincide on these special ;7r-terms. 

Axiom N1 suggests that a summation may be rewritten to a form in which no two summands have identical non-tau 
prefix. For instance 

ASb^- a(x).S + a(y).T - a(z).(T.S {z/x) + T.T{z/y}) 


and 


A5 b I- a(b).S + a(c).T - a{d).{T.S{dib} + T.T{dlc}). 


Axiom N2 implies that either all the summands of a summation are prefixed by t, or none of them is prefixed by t. 
Moreover N1 actually says that one does not have to consider any r-prefix immediately underneath another r-prefix. 
Axioms N3 and N4 can be used to expand a summation Yjiei t-Ti to a saturated form. We say that T.Ti is saturated 
if T.(/li .Ti + Tj) is a summand of 2,e/ "r.r, whenever there is a summand Ai .T i of T, such that for every summand A 2 .T 2 
of Tj it holds up to a-conversion that A 2 ^ Ai. These observations lead to the following definition. 


Definition 52. Let T be gn(T) U fv(T). A finite n-term T is a box normal form if it is in one of the following two 
forms: 


1. There are A,B,C Qf N, where C B, such that T is of the shape: 


^ a{x). 

aeA 


r \ 

[xmTa + 

. neT ^ 


heB neNt 


+ Y^c{d).Tc 

ceC 


where Nb Qf N Nvt and moreover the following properties hold: 

(a) for all a & A, Ta is a box normal form onf^ {x}; 

(b) for all a e A and all nef, x i. fv(T") and is a box normal form on T; 

(c) for allb e B and all neNb, T’^ is a box normal form on T; 

(d) for all c & C, Tc is a box normal form onf^ [d], 

2. There is some finite set I such that T is of the following form 

iel 


(25) 


( 26 ) 


such that the following properties hold: 
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• For each i e I, T, is a box normal form on T of the shape ( 1251) ; 

• Yiiei T-Ti is saturated. 

In the above definition we have ignored the conditionals. This is rectified in the next definition. 

Definition 53. T is a complete box normal form ifT = dy^T' for some box normal form T' such that gn(T') U fv{T') c 
TQfNiJK. 

We can now state a lemma that correlates Lemma |49] 

Lemma 54. Suppose T is a finite n-term and ip is complete on a finite set T 3 gn(T)Ufv(T). Then AS b i- pT - p~dT' 
for some complete box normal fonn 6T' on gn(6T') U fv{6T'). 

Proof The proof is a modification of the proof of Lemmal49lwith additional rewriting using N-laws. □ 

We could have a lemma that parallels Lemma l50l But the following result is more revealing. 

Lemma 55. Suppose S, T are complete box normal forms on the finite set T — gn(S \ T) U fv{S \ T). Then S —a T if 
and only if S — T. 

Proof Suppose S T. By Lemmal54lwe may assume that S = dS' and T = 5T'. Let p be an assignment that agrees 
with 6. Then S'p =□ T'p. In view of Lemmal^ we only need to show that S'p - T'p. So let P. be the relation 

Q)\ P -n Q, and P, Q are box normal forms). 

There are three crucial properties about this relation. 

1. If P is of type (l26l l and Q is of type (l25T l. then P'TiQ whenever P —» P'. This is so simply because Q cannot do 
any r-action. 

2. If both P and Q are of type ( |26] |, then P —^ P' implies Q —^ Q"RP'. 

3. If both P and Q are of type (l25T l. then P —^ P' implies Q Q"RP'. 

For the detailed proofs of these claims, the reader is advised to consult miii. So "R is a TT-bisimulation. □ 

Theorem |5T] Lemma |55] and the fact that complete box normal forms are complete normal forms immediately 
imply the completeness of AS *. 

Theorem 56. Suppose S,T are finite n-processes. Then S =□ T if and only if AS b i- x-S — t.T. 

It is remarkable that axioms N1 through N4 actually reduce the box equality on the finite terms to the absolute 
equality on the finite terms. This is yet another support to the branching style bisimulation. 

5.4 Remark 

In theory of CCS, Milner’s equational systems for the strong and the weak congruences on the finite CCS-processes ll40l 
|56l and De Nicola and Hennessy’s system for the testing congruence are well known. A complete system for the 
branching congruence was given van Glabbeek and Weijland IIIOII in the first paper on branching bisimulation, in 
which the following single tau law is proposed. 

d.(T.(5 + T) + D = 4.(5 + T). (27) 

The axiom (IZTl l is clearly equivalent to the combination of Cl and C2. Their proof of the completeness in IIIOII makes 
use of a graph rewriting system. Later 19^ gave a more traditional proof of the completeness theorem. 

The extension of these systems to the value-passing framework is not trivial, the reason being that every value¬ 
passing calculus is built on top of an oracle domain, say T. Early inference systems studied by Hennessy and 
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Ingolfsdottir ll3^ [?4l [35l are based on concrete semantics. An uncomfortable rule in all these systems, from the 
point of view of a proof system, is the so-called w-data-rule (l28l) . 


Vve ®.5{v/4 = T{vlx] 
a(x).S - a(x).T 


(28) 


A signihcant step was made by Hennessy and Lin 113611 that introduces a whole new approach to the study of the 
value-passing calculi. The symbolic semantics dispenses with (l28l l by introducing a strong logic. One could argue that 
this use of a logic is cheating because it essentially makes use of a universal quantihcation operator that ranges over 
the oracle domain T. But the virtue of the symbolic approach is that one could define a value-passing calculus using 
a moderate logic that makes a lot of sense from a programming point of view, and then works out the observational 
theory with the help of the logic. Using this idea Hennessy and Lin ll37ll propose several symbolic proof systems for 
finite value-passing processes. A survey of the symbolic approach is given in ll44ll . 

For the name-passing calculi, the study on the proof systems was initiated in the pioneering paper of Milner, 
Parrow and Walker ll60l . Their system is complete for the strong early equivalence. It contains the tu-name-rule ( |29] ). 
which is a variant of (l28T l. 

Vn 6 N.S{n/x} = T{n/x} 

-——-— (29) 

a(x).S = a{x).T 

In the presence of the hnite branching property, ( l29l l is more manageable than ( l28T l since only a hnite number of the 
premises of ( l29l l have to be verihed. A beautiful alternative to rule (l29T l is set of axioms for match/mismatch introduced 
by Parrow and Sangiorgi 11721 , among which the following one, S5, plays an indispensable role. 


[x-y]T + [xi^y]T - T 


(30) 


Axiom (l30t offers the possibility to carry out case analysis within an equational system. It is obvious from (l30l) that 
Parrow and Sangiorgi’s systems are only good for the 7r-calculi with the mismatch operator. The mismatch is also 
necessary to state the following law, S6, which hrst appeared in 11721 . 


n(x).S +n(x).T -n{x).S +n{x).T + n(x).([x-y]S +{xi^yYr) 


(31) 


Axiom OTT) characterizes the atomic nature of interactions. The symbolic approach to proof systems however makes 
use of neither ( l29l nor OTT l. Lin’s symbolic proof systems Il45ll49l are capable of dealing with calculi with or without 
mismatch operator. Instead of OTl l. the systems in Il45ll49l resort to a less attractive rule i 


ZielT.Si = ZjejT.Tj 

Ziei aix).S i = Zjej a{x).T j 


(32) 


A proof system for the strong open bisimilarity is given in 11831 . in which all axioms are indexed by distinctions. The 
system without using distinctions is proposed in 1291 . Since the following law, M5, 

[x+y]n.T - [xi^y]n.[xi^y]T (33) 

is invalid in the open semantics, axiom (l34l) is proposed in 1291 as a substitute for (l33T l. 

{a)C[[x^a]T] = (a)C[0] (34) 

It is worth remarking that ( l34b is equivalent to {d)C{{x+a\r'\ - (a)C[7’] in the presence of ( l30l l. So it is enough even 
for the TT-calculus with the mismatch operator. 

The hrst complete proof system for the weak congruence on hnite ;7r-processes is Lin’s symbolic system l46ll48l . 
The nonsymbolic systems were proposed by Parrow iTOl using (l32l i. and by Fu l29ll using OTT l. In 1^ the authors have 
also discussed complete equational systems for the weak open congruence. It is revealed that the open bisimilarities, 
as well as the quasi open bisimilarities l24]| . are quite complicated in the presence of the mismatch operator. It has 
been suggested that the complications are due to the introduction of the mismatch operator. The real culprit is however 
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the confusion of the names and the name variables. Study on the weak open systems pointed out that Milner’s three 
T-laws are insufficient ll29l . An additional r-law 

t.T = t .( 7 ’ + (fiT.T) (35) 

is necessary. Notice that ( l35l l is derivable from (l33l l. 

All of these tiny discrepancies appear a little confusing. What the present paper reveals is that all these incompati¬ 
bilities disappear once the names are treated properly. Moreover, since the mismatch operator comes hand in hand with 
the match operator, there is no real interest in systems without the mismatch operator. Proof systems for 7r-variants 
can be obtained by extending A5 with additional laws. For example the following two axiom schemes are introduced 

inIfTOSl. 


n(c).C[cm.T] = H(c).C[0], (36) 

n{,c).C[c{x).T] = H(c).C[0]. (37) 


It is pointed out by Xue, Long and Fu 111051 that AS U l (l36l ll is complete for and that AS U i dTTl) ! is complete for 


A more challenging issue is to construct proof systems for the regular processes ll55l . A regular process is not 
necessarily finite state 15^ : it is generally finite control 1481 . Milner addressed the issue in the framework of CCS. His 
strong complete proof system ll55l and weak complete proof system ll57l make crucial use of the following fixpoint 
induction rule 


F{EIX} = E 
E = jdX.F 


X is guarded in F. 


(38) 


Milner’s approach has been applied to branching congruence by van Glabbeek ll^ . It has been extended and applied 
to the value-passing calculi by Hennessy, Lin and Rathke ll^lT^I^ and to the 7r-calculus by Lin ll46ll48l . All these 
more complicated complete proof systems are of a symbolic nature. The side condition of the fixpoint induction (l38T l 
renders the rule truly unwelcome. But as Sewell has proved in ll88l l90l there is no finitely axiomatizable complete 
system for the finite controls. In order to derive the equality 


fiX.a.X — jiX.a. ■ ■ ■ M.X 

k>l 

from a finite system, one needs rule(s) in addition to axioms. It is possible to come up with a complete proof system in 
which all the rules are unconditional 1891 . But it would probably not pay off when it comes down to implementation. 
Now if we have to stick to the fixpoint induction, how should we make use of it? Milner’s straightforward answer ll55l . 
adopted in almost all follow-up work, is to introduce process equation systems. To apply this approach to the n- 
calculus, it is convenient to use abstractions over names ll^l48l . 

The finite states/controls raise the question of divergence. The axiomatic treatment of divergence has been borrow¬ 
ing ideas from domain theory |[3l. Scott’s denotational approach is too abstract to give a proper account of interactions, 
and in the case of divergence, non-interactions. Early treatment of divergence in process algebra is more influenced 
by the domain theoretical approach lfT9lll02l . It appears that the first successful operational approach to divergence is 
achieved in Lohrey, D’Argenio and Hermanns’ work ifSOlfSTI on the axioms for divergence. Crucial to their approach 
is the observation that all divergence of a finite control is due to self-looping. The A-operator, defined below, is isolated 
to play a key role in their inference systems. 

A(r) ijXXt.X + T) (39) 

Lohrey, D’Argenio and Hermanns’ systems consist of the laws to convert divergence from one form to another so that 
the fixpoint induction can be applied without any regard to divergence. One axiom proposed in lISOllSTl is 

A(A(r) -H T') = T.(A(r) -H T'). (40) 

The law (l40l l is sound for the termination preserving weak congruence. But it fails to meet the codivergence property. 
Based on Lohrey, D’Argenio and Hermanns’ work, Fu discusses the axioms for the codivergence in the framework of 
CCS ll2^ . The codivergent version of (l40l i for example is 

A(A(7’)) = A(7’). (41) 
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It is worth remarking that (ITTI i is valid for the strong equality. The proof systems using the A-operator begin to unveil 
the rich structure of divergence. It also provides a purely equational characterization of the internal actions. The 
codivergence satisfies another equational axiom: 

A(S+t.A(S+S')) ^ A(S+S'). (42) 

It is interesting to notice the similarity between (l42l i and (l27l i. 

The above discussion is meant to bring out the following point. The system AS plus the axioms of codivergence 
proposed in ll^ give rise to a complete proof system for the absolute equality on the regular ;7r-processes, which is 
more accessible than the symbolic proof system. 

How about a complete equational system for the box equality on the regular 7r-processes. A crucial step would be 
to prove for the regular 7r-processes a property corresponding to the one stated in Lemma|^ It could turn out that this 
problem is far more difficult than one would have perceived. Rensink and Vogler iFTTlI point out a surprising fact that 
Milner’s fixpoint induction fails for the fair/should testing equivalence. Consider the process equation 

X = a.X + a.ijZ.(a.Z + b). (43) 


It is not difficult to see that 

a./dZ.a.Z + a.fiZXa.Z + b) =□ a.ia.jiZ.a.Z + a.iiZ.{a.Z + b)) + a.jiZXa.Z + b). 


The solution 


RVo - a.jjZ.a.Z + a.jiZ.ia-Z + b) (44) 

is not box equal to the canonical solution 

def 

RVi “ fiX.ia.X + a.fiZ.ia.Z + b)) (45) 

to the equation (l43t . A context that tells apart the processes (l44l) and (|45]) is (ab)(- \ fj.Y.(a.Y + b.d)). This is because 
{ab){RV\ \^Y.(a.Y + b.d)) is strongly observable whereas (ab)(RVo \fiY.{d.Y + b.d)) is not. 

Unlike the pure algebraic view of process 13, we tend to think of AS and AS b as proof systems that help derive 
process equalities. This explains the particular statements of Theorem BTI and of Theorem |56] The emphasis on 
equational proof systems rather than on axiomatic systems has the advantage that the introduction of congruence 
relations can be avoided. What is stated in Theorem |5T] is called promotion property in Il29l . It is pointed out by Fu 
and Yang 1291 that this property is absolutely necessary to prove that an algebraic system of the 7r-calculus is complete, 
the reason being that Hennessy Lemma 1561 fails for the 7r-calculus l2^ . 

6 Future Work 

The studies in process calculi over the last thirty years largely fall into two main categories: 

I. The first is about the diversity of models. A lot of process calculi have been designed and discussed 1^ . 

II. The second is about equivalence. Many observational equivalences and algebraic equalities have been proposed, 
axiomatized and compared l97l l99l . 

In literature there is only a small number of papers that deal with expressiveness or completeness issues imiisi 
l67l f30l |2^ . If we understand the situation correctly, we are at a stage where we try to seek the eternal truth in 
process theory |[T]. It is our opinion that we will not be able to go very far if we do not seriously address the issue 
of problem solving with process calculi. It is only by applying a model to tackle real problems can our treatment of 
the observational theory of the model be verified. Talking about problem solving, there is no better process calculus 
than the 7r-calculus to start with such an investigation. What is achieved in this paper is a condensed account of the 
foundational theory of the 7r-models that provides support for problem solving. 
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Eternal truths have to be model independent. They would not be very interesting if the models we are considering 
are too liberal and too diversihed. This is why our presentation of the 7r-calculus has followed the general principles 
and methodologies of Theory of Interaction developed in Il27l . The prime motivation of Theory of Interaction can be 
summarized as follows: 

There are two eternal relationships in computer science, one is given by the equality relation (absolute 
equality) between the programs (or processes) of a model, and the other is by the expressiveness relation 
(subbisimilarity) between the models. By using these two fundamental relations, one can then introduce 
a number of basic postulates that formalize the foundational assumptions widely adopted in computer 
science. Now let 9Jl be the class of all models. The hrst postulate asserts that a model belonging to 9Jl 
must be computationally complete. 

Axiom of Completeness. V M e ®1. C C M. 

The Computability Model C, dehned in ll27l . is the minimal interactive extension of the computable 
function model. The Axiom of Completeness can be seen as a formalization of Church-Turing Thesis. It 
places a considerable constraint on the world 9J1 of models. 

In Il27l it is shown that is complete in the sense that it satisfies the Axiom of Completeness. In 11051 the com¬ 
pleteness of n^, TT* and is established. So it makes sense to talk about problem solving in all these 7r-variants. We 
remark that completeness in our sense is much stronger than the so-called Turing completeness Il28l . Some variants of 
CCS ||5^ are Turing complete miH, they are however not complete in our stronger sense ET). 

What is done in this paper can be seen as a book-keeping exercise. New results are obtained and old results are 
assessed in a uniform formalism. Based on what is set up in this paper, the 7r-model can be studied in three main 
directions. 

III. A theory of 7r-solvability that goes beyond the traditional recursion theory should be useful to understand the 
power of the name-passing calculi. It can be shown that a pseudo natural number generator is solvable in the 
TT-calculus. But a genuine natural number generator is 7r-unsolvable. It would be useful to develop a theory of 
TT-solvability and investigate the diagonal methods for tackling 7r-unsolvability. Other possible issues to look at 
are nondeterministic functions dehnable in n, the recursion theory of the 7r-processes (say the formulation of the 
s-m-n theorem, enumeration theorem, recursion theorem etc.). 

IV. A comparative study of the complexity classes dehned by the 7r-programs against the standard complexity 
classes ||68l would be instructive for a better understanding of the algorithmic aspect of the 7r-calculus. Such 
a study may begin with a formulation of the class of the problems decidable in the 7r-calculus in polyno¬ 
mial time in a way the class NP is dehned in terms of the Nondeterministic Turing Machine Model, and then 
investigate the relationship between P^r and NP. 

V. At a more applied level, one could try to develop a hierarchy of programming languages implemented on the 
TT-calculus. Previous studies in the program theory of the Tr-calculus have not discussed anything about universal 
process for n. So a great deal more has to be learned before we are conhdent of using tt as a machine model to 
implement a full Hedged typed programming language. 

One may question the practical relevance of these new research directions. After all the Tr-calculus, unlike the De¬ 
terministic Turing Machine Model, does not have a physical implementation. The rapid development of computing 
technology has actually provided an answer. The Internet is an approximate implementation of the Tr-calculus! It is 
not completely, as one might argue, a physical implementation. But it is the kind of computing environment for which 
a theory of the Tr-calculus might provide just the right foundation. 
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